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Interop  preview  Extreme,  Shoreline  to  launch  10G 

Ethernet  and  VoIP  gear,  respectively,  at  N-H  next  month.  PAGE  1 2. 


~f)  VeriSign’s  view  Stratton  Sclavos,  GEO  of  the  PKi  pio- 

3F  neer,  explains  how  VeriSign's  acquisitions  have  panned  out  PAGE  18. 
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Like  an  increasing  number  of  IT 
execs,  Andre  Gold  of  Continental 
Airlines  is  using  global  load 
balancers  to  improve  the 
performance  of  the  company’s 
e-business  sites. 


IP  telephony  talk 
zeroes  in  on  SIP 


Put  to  the  test 

New  threats  force  intrusion-detection  vendors  to  rearm. 


fcfcThe  IDS  vendors  will  have 
to  graft  on  anomaly  and 
behavior-based  detection 
or  they  will  die.  9  9 

Ed  Skoudis 

Vice  president  of  ethical  hacking, 
Predictive  Systems 


■  BY  ELLEN  MESSMER 

Intrusion-detection  systems 
work  just  fine  when  it  comes  to 
spotting  and  clamping  down  on 
attacks  that  have  been  seen  be¬ 
fore,  but  security  experts  warn 
that  a  new  breed  of  stealthy  net¬ 
work-attack  techniques  could 
run  roughshod  over  today’s  IDS 
devices. 

Experts  are  increasingly  con¬ 
cerned  about  newer  threats  such 
as  the  so-called  polymorphic 
buffer  overflow,  in  which  a  per¬ 
son  alters  the  attack’s  shell  code 
or  encrypts  it  to  slip  by  an  IDS. 
Some  analysts  contend  that  sig¬ 
nature-based  detection  systems 
are  doomed  unless  vendors 
adapt  to  changing  conditions. 

“The  IDS  vendors  will  have  to 
graft  on  anomaly  and  behavior- 
based  detection  or  they  will  die,” 
says  Ed  Skoudis,  vice  president  of 


ethical  hacking  at  consultancy 
Predictive  Systems. 

The  first  evidence  of  how  a 
polymorphic  buffer-overflow  at¬ 
tack  might  work  came  last  year 
with  an  online  tool  called 
ADMutate  that  can  take  an  attack 
shell  code  and  subtly  transform 
it.  That  way,  the  attack  code  looks 
different  from  the  known  signa¬ 
ture  but  is  functionally  equiva¬ 


lent.  As  it  hits  the  target  machine 
it  reassembles,  having  eluded 
the  IDS.The  ADMutate  mutation 
engine  is  the  first  of  its  kind. 

While  polymorphic  attack  tech¬ 
niques  currently  might  not  be  in 
widespread  use,  they  are  a  dis¬ 
turbing  prospect  “because  when 
you  can  mutate  that  code  in  any 
wayyou  make  it  difficult  to  detect 
See  Attacks,  page  76 


■  BY  PHIL  HOCHMUTH 

SEATTLE  —  As  voice  over  IP 
gains  momentum  in  large  organi¬ 
zations,  experts  say  forward-think¬ 
ing  network  executives  should 
familiarize  themselves  with  three 
letters:  S,  I  and  P 

Session  Initiation  Protocol  was 
on  the  minds  of  customers,  ana¬ 


lysts  and  the  vendors  who  were 
pushing  a  lineup  of  new  SiP-relat- 
ed  products  at  the  Voice  on  the 
Net  show  last  week. 

SIP  is  an  Internet  Engineering 
Task  Force  protocol,  similar  in 
format  to  HTTP,  used  in  applica¬ 
tions  to  establish  and  terminate 
communication  sessions  over  IP 
See  SIP,  page  16 


New  formula  for  apps  access 

Web  services  help  chemical  company  send  catalog  updates  in  real  time. 


BY  JOHN  FONTANA 


KINGSPORT,  TENN.—  In  his 
role  as“hype  buster” for  Eastman 
Chemical,  Carroll  Pleasant  has 
been  called  upon  to  put  Web  services  under  his 
magnifying  glass. So  far, he  likes  what  he  sees,  though 
concerns  about  performance  and  security  have  him 
moving  cautiously. 

Eastman  is  trying  out  Web  services  to  give  partners 
and  customers  speedier  and  more  targeted  access 
to  applications,  such  as  a  product  catalog  of  more 
than  400  chemicals,  fibers  and  plastics.  If  Web  ser¬ 
vices  prove  successful,  the  company  will  offer  a 
range  of  them  in  hopes  of  generating  new  revenue. 


WebServices 


EARLY  ADOPTERS 

First  in  a  three-part  series 


“Web  services  are  an  [appli¬ 
cation]  interface  technology 
for  us,”  says  Pleasant,  Eastman’s 
principal  emerging  technolo¬ 
gies  analyst. “What’s  different  is 
the  idea  that  you  can  wrap  up  intellectual  property 
in  an  object  that  can  actually  respond  to  different  re¬ 
quests.  It  is  not  just: ‘Send  all  the 
data  you’ve  got.’  ” 

He  compares  Eastman’s  Prod¬ 
uct  Catalog  Web  Service  to  a 
dictionary  service  on  the  Inter- 
net.“Wouid  you  rather  have  a  service  where  I  down¬ 
load  the  whole  dictionary  to  you,  or  would  you 

See  Web  services,  page  74 


■  Industry  group 
seeks  to  define 
Web  services, 
see  page  76. 


Microsoft  and  NetlQ  make  it  easier  to  manage  your  entire  Windows 
Server  environment.  You’ve  got  servers  running  Windows®  2000  here, 
servers  running  Windows  NT®  in  the  next  building,  and  a  mix  of  platforms 
running  in  your  plants  overseas.  Managing  a  global-class  enterprise  sure 
means  a  lot  of  running. 

Which  is  why  Microsoft  and  NetlQ  teamed  up  to  deliver  a  way  to  manage 


your  entire  Windows  Server  environment  from  one  very  convenient  place:  your 
desk.  It  starts  with  Microsoft®  Operations  Manager  2000,  the  most  effective 
way  to  manage  all  your  Windows  2000-based  servers  and  applications,  from 
proactive  alerting  to  performance  monitoring  to  event  collection  and  reporting. 

By  adding  NetlQ  Extended  Management  Pack  modules,  you  can  also 
monitor  Windows  NT  4.0  as  well  as  other  Microsoft  servers;  mission-critical 


>oft  Corporation  and  NetiQ  Corporation  All  rights  reserved  Microsoft.  Windows,  and  Windows  NT  are  either  registered  trademarks  or  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other  countries.  The  names  of  actual  companies  and  products  mentioned 


Hfiimniitm 


applications  like  Oracle  RDBMS  and  Lotus  Domino;  and  large-scale  enterprise 
platforms  like  UNIX  and  NetWare.  All  from  one  centralized  console. 

Which  means  that  you  spend  a  lot  less  time  running  around  your 
enterprise,  and  a  lot  more  time  simply  and  effectively  managing  it.  Get  a 
head  start  on  reducing  your  management  burden  with  a  visit  to  netiq.com 
/manageability  today.  Software  for  the  Agile  Business. 

herein  may  be  the  trademarks  of  their  respective  owners.  # 
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Warner  cable  modem  customer.  Is  the  end  of  unlimited  use  corporate 
greed  or  fair  play?  Share  your  thoughts. 
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Verizon  wish  list 
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DocFinder:  8941 


Interactive 


Call  for  entries 

Know  someone  who  has  had  an  outstanding  career,  has  led  an  innovative 
program  or  is  a  rising  star?  Enter  them  into  the  Network  Professional 
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Symmetrix  Remote  Data  Facility  business-continuity  software;  itsTimeFinder  remote 
storage  software;  and  data  migration  and  mainframe  storage  patents,  the  company 
said.  Hitachi,  based  in  Tokyo,  but  with  offices  in  California,  was  not  immediately 
available  for  comment.  EMC  says  it  has  been  negotiating  with  Hitachi  for  four  years 
on  the  matter. 

GA  sells  off  interBiz  products 


The GoodTheBad  Ugly 


■  Computer  Associates  last  week  announced  it  would  sell  its  interBiz  supply-chain 
management,  financial  management  and  human  resource  management  product 
lines  to  SSA  Global  Technologies,  an  enterprise  resource  planning  software  and 
services  provider  in  Chicago.  SSA  says  it  will  continue  to  support  and 
update  the  CA  products,  and  plans  to  immediately  integrate  them 
with  SSAs  collaborative  commerce,  customer  relationship  manage¬ 
ment  and  supplier  relationship  applications. 

Terms  of  the  deal  were  not  disclosed.  CA  says  interBiz  products 
generated  $64  million  in  revenue  for  the  nine  months  ended  Dec. 
31,  and  that  725  employees  were  transferred  to  SSA  as  part  of  this 
transaction. 


Back  to  U.  The  bursting  of  the  dot¬ 
com  and  telecom  industry  bubbles  has  its 
benefits  for  enterprise  network  shops, 
according  to  industry  watcher  Nick  Lippis 
(www.lippis.com):  "With  the  influx  of  technical 
talent  heading  back  to  enterprise  positions, 
so  too  will  network  intelligence  and  innovation." 

Longing  for  Bob  and 

Craig?  The  state  of  Enterasys 
Networks  these  days  may  have  employees 
and  customers  longing  for  the  prosperous 
and  zany  days  of  former  top  executives 
Craig  Benson  and  Bob  Levine.  The  Cabletron 
spinoff  last  week  announced  plans  to  slash 
its  workforce  by  30%  to  1,700,  after 
announcing  the  week  before  that  CEO  Henry 
Fiallo  was  stepping  down  amid  an  anticipated 
revenue  dip.  > 


Microsoft  muddle.  Four  months 
before  Microsoft's  new  software  licensing  plan  goes  into  effect,  nearly  half  of  1,400  IT  managers  surveyed  said 
they  lack  the  necessary  funds  to  upgrade  to  the  new  plan  and  that  confusion  over  licensing  will  delay  their  software 
upgrade  processes,  according  to  a  study  conducted  by  Information  Technology  Intelligence  and  Sunbelt  Software. 


Funk  acknowledges  vulnerability 

■  Funk  Software  last  week  disclosed  security  vulnera¬ 
bilities  in  its  Proxy  Remote  Control  software,  which  is 
used  by  an  administrator  in  a  help-desk  environment  to 
take  remote  control  of  a  user’s  Windows-based  machine. 
Funk  urged  customers  to  upgrade  to  a  new  version  of  its 
latest  release,  Proxy  v.3.09a,to  correct  the  problems.The 
vulnerabilities  could  let  unauthorized  users  obtain 
Proxy  Host  passwords  or  change  configuration  settings, 
default  file  systems  and  registration  settings.  The 
upgrade  to  Proxy  Remote  Control  is  available  at 
www.funk.com/subsections/tec_proxy.asp.  (For  more 
Funk-related  news,  see  page  30.) 


Heavyweights  push  security  spec 
for  web  services 


■  IBM,  Microsoft  and  VeriSign  last  week  published  a 
Web  services  security  specification  they  hope  will  fill 
what  has  become  the  most  glaring  hole  in  the  nascent 
technology.  Making  the  announcement  at  Microsoft’s 
annual  Tech  Ed  conference,  the  three  companies  said 
the  specification,  called  WS-Security,  outlines  how  to 
integrate  disparate  security  systems  such  as  Kerberos 
or  public-key  infrastructure  using  a  set  of  extensions  to 
the  Simple  Object  Access  Protocol.  The  initial  specifi¬ 
cation  includes  two  base  extensions'and  the  trio  plans 
to  develop  six  others.  In  essence,  WS-Security  will  let 
Web  services  pass  secure  and  signed  messages,  a 
process  that  today  requires  a  patchwork  of  proprietary 
technology. 


Security  breaches  becoming  more  costly 

■  Network-based  security  breaches  are  taking  an  increasingly 
heavy  toll  on  corporations  and  government  agencies,  accord¬ 
ing  to  an  annual  survey  by  the  Computer  Security  Institute  and 
the  FBI. The  poll  of  503  security  professionals  suggests  that  orga¬ 
nizations  suffered  about  $456  million  in  financial  losses  last 
year  because  of  security  incidents  that  include  theft  of  propri¬ 
etary  information  or  fraud,  up  from  $378  million  in  2000.  About 
three-quarters  of  respondents  said  their  external  Internet  con¬ 
nection  was  a  point  of  attack,  while  33%  said  their  internal  net¬ 
works  were  attacked. 

EMC  files  patent  suit  against  Hitachi 

■  Alleging  that  Hitachi  is  infringing  on  six  of  its  patents,  EMC  last  week  filed  a  suit 
in  U.S.  District  Court  seeking  damages  and  also  filed  a  complaint  with  the 
International  Trade  Commission  asking  the  body  to  block  import  of  the  infringing 
products  into  the  U  S.  The  complaints,  which  EMC  lodged  against  Hitachi  and  the 
company’s  Hitachi  Data  Systems  division,  concern  patents  covering  the  company’s 


European  Parliament  nixes  Web  blocking 

■  The  European  Parliament  voted  against  blocking  access  to  Web  sites  as  a  way  of 
regulating  content  on  the  Internet,  instead  pushing  self-regulation  and  filter  and  rat¬ 
ing  systems.  The  vote  —  460  in  favor,  zero  against  and  three  abstentions  —  on 
Thursday  adopted  a  report  on  the  protection  of  minors  and  human  dignity  that 
addresses  many  media,  including  the  Internet.  The  Parliament’s  report  is  not  a  leg¬ 
islative  document,  but  is  in  response  to  a  previous  evaluation  report  by  the  European 
Commission.  The  European  Internet  Services  Providers  Association,  which  has 
always  been  in  favor  of  self-regulation,  applauded  the  decision.  EuroISPA  called 
blocking  a  “technically  disastrous  solution”  that  also  creates  “free  speech  and  demo¬ 
cratic  concerns.” 

ICANN  warns  of  domain-name  scam 

■  The  Internet  Corporation  for  Assigned  Names  and  Numbers  is  warning  of  a  swin¬ 
dle  by  an  organization  claiming  to  be  an  approved  domain-name  dispute  solver. 
ICANN,  the  organization  that  oversees  the  Internet’s  addressing  system, said  last  week 
it  has  received  many  reports  of  domain  name  registrants  receiving  mailings  from  an 
entity  calling  itself  XChange  Dispute  Resolution  and  claiming  to  be  an  ICANN-autho- 
rized  arbitrator  in  domain-name  dispute  cases,  which  it  is  not.  In  the  mailing, 
XChange  Dispute  Resolution  says  it  received  a  domain  dispute-resolution  complaint 
and  asks  the  domain  name  holder  to  mail  a  deposit  of  between  $250  and  $1,250  to 
defend  ownership  of  a  domain.  If  the  recipient  takes  no  action,  rights  to  the  domain 
are  forfeited,  the  mailing  says,  according  to  ICANN. 


Choose  your  route  wisely  and  transform  your  entire  business.  Web  services  are  more  than 

simply  putting  your  applications  on  the  Web.  There  is  a  bigger  financial  opportunity  out 
there.  A  road  that  uses  open  standards  to  create  Web  services  that  can  transform  even  the 
biggest,  most  complex  enterprise  business  processes.  Suri"ONE  is,  quite  simply,  the  difference 
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Now  might  be 


a  good  time  to  ask 


for  directions. 


between  realizing  marginal  cost  savings  and  maximum  ROI.  Sun’s  technology  is  ready  to 
adapt  and  scale  with  your  needs  over  the  long  haul.  Perhaps  more  important,  this  road  is 
already  paved.  The  products,  services  and  partners  of  Sun  ONE  are  ready 
to  start  you  down  the  road  today.  You  grab  the  snacks.  We’ve  got  the  map. 
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AT&T  airs 
converged 
network 
upgrades 

■  BY  DENISE  PAPPALARDO 

SEATTLE  —  AT&T  unveiled 
enhancements  to  its  voiceover- 
data  services  last  week  that 
expand  their  reach  to  ATM  cus¬ 
tomers  and  more  international 
locations. 

The  carrier  now  offers  the 
same  voiceover-data  support  to 
ATM  customers  that  it  has 
offered  IP  and  frame  relay  users 
for  more  than  a  year.  AT&T  also 
announced  that  customers  now 
can  set  up  hybrid  voice  and 
data  networks  if  they  have  a 
combination  of  dedicated  ATM, 
frame  relay  and  Internet  access 
connections.  Previously,  cus¬ 
tomers  couldn’t  interconnect 
voice  traffic  between  varied  net¬ 
work  types. 

The  carrier  has  deployed  fire¬ 
walls  between  its  data  networks 
to  support  the  secure  hand-off  of 
voice  traffic,  says  Joe  Aibinder, 
director  of  voice-over-IP  business 
See  AT&T,  page  76 


NetScreen  bolsters  security  wares 


■  BY  TIM  GREENE 

SUNNYVALE,  CALIF  —  Net- 
Screen  Technologies  is  setting  the 
stage  to  extend  the  protection 
offered  by  its  firewall/VPN  line 
through  two  new  high-speed 
devices  that  can  simplify  network 
management  thanks  to  their 
potential  support  for  intrusion 
detection  and  virus  scanning. 

NetScreen-5200  and  NetScreen- 
5400  come  with  firewall  and 
VPN  software  and  can  be  pro¬ 
grammed  to  support  other  secu¬ 
rity  applications,  the  company 
says.  The  5400  —  with  firewall 
speeds  as  high  as  12G  bit/sec  and 
VPN  speeds  up  to  6G  bit/sec  — 
surpasses  performance  claims 
made  by  any  other  vendor. 

NetScreen  says  it  plans  to  add 
applications  to  the  platform,  and 
intrusion-detection  and  antivirus 
software  are  leading  contenders. 

By  lumping  together  security 
functions  in  the  same  device, 
corporate  security  personnel 
limit  the  number  of  devices  they 
must  manage,  saving  administra¬ 
tive  time  and  saving  space  and 
power,  says  Joel  Conover,  an  ana¬ 
lyst  with  Current  Analysis. 


A  host  of  newcomers  such  as 
CrossBeam,  Nexsi  and  Tipping- 
Fbint  Technologies  are  integrating 
these  multiple  security  features  in 
a  single  chassis,  and  Check  Point 
Software  partners  with  other  ven¬ 
dors  to  integrate  intrusion  detec¬ 
tion  with  its  firewall/VPN  soft¬ 
ware.  But  this  is  the  first  time  an 
established,  strictly  firewall/VPN 
vendor  has  redesigned  its  hard¬ 
ware  to  support  other  security 
features,  Conover  says. 

Incorporating  more  func¬ 
tions  into  VPN/firewall  de¬ 
vices  might  not  be  the  way 
to  go  for  everyone,  says  Jeff 
Dell,  a  NetScreen  customer 
who  has  not  used  the  5200 
or  5400.“I  like  to  keep  things 
separate,”  he  says,  noting 
that,  for  instance,  he  might 
want  to  update  an  antivirus 
database  nightly  but  with¬ 
out  disturbing  the  firewall. 

He  says  he  also  would  be 
concerned  whether  the 
packet-inspection  engine 
on  the  device  would  be  able  to 
parse  packets  deeply  enough  to 
effectively  detect  viruses.  Net- 
Screen  says  its  new  capabilities 
will  enable  inspecting  all  the  way 


Top  speed 

NetScreen’s  5200  and  5400 
VPN/firewall  gateways 
claim  the  fastest  speeds. 


NetScreen  5200:  4G 
bit/sec  firewall* *;  2G  bit/sec 
Triple-DES  encryption.* 

NetScreen  5400: 12G 
bit/sec  firewall*;  6G  bit/sec 
Triple-DES  encryption. 

*A1I  large  packets. 


into  packet  payloads.  Dell  also 
says  that  if  NetScreen  decides  to 
write  its  own  intrusion-detection 
software,  it  would  have  to  con¬ 
vince  users  it  is  on  par  with  the 


well-respected  Snort  intrusion- 
detection  freeware. 

From  a  firewall  and  VPN  point 
of  view,  the  two  new  models 
boost  the  capacity  to  support 
virtual  firewalls,  which  are  sepa¬ 
rately  configurable  policy  sets 
within  a  single  firewall  device. 
NetScreen’s  previously  largest 
box,  NetScreen- 1000,  supported 
250  virtual  firewalls,  while  the 
5200  and  5400  support  500. 

The  5200  can  be  configured 
with  either  eight  Gigabit 
Ethernet  ports  or  24  10/ 
100M  bit/sec  Ethernet  ports. 
The  5400  supports  either  26 
Gigabit  Ethernet  or  78  10/ 
100  ports.  Initially,  the  de¬ 
vices  can  be  paired  so  if  one 
fails  the  other  takes  over. 

NetScreen  says  it  reaches 
increased  speeds  with  the 
5200  and  5400  because  of 
new  processors  called  Giga- 
Screen  11,  each  of  which 
handles  2G  bit/sec  firewall 
and  1G  bit/sec  VPN  processing, 
assuming  only  large  packets. 

NetScreen-5200  is  available  now 
and  costs  $99,000.  NetScreen- 
5400  will  be  available  this  fall, and 
its  price  has  not  been  set.H 


ActiveLane  builds  on  Microsoft  VPN  technology 


Outdoing  Microsoft? 

ActiveLane’s  V3000  appliance  provides  an  alternative  for 
setting  up  Windows-based  VPNs.  The  box  incorporates  a 
streamlined  version  of  Windows  2000’s  VPN  technology  and 
tools  to  simplify  configuration  and  management. 


■  BY  TIM  GREENE 

DUBLIN,  CALIF  —  If  you 
have  thought  of  using  the 
remote-access  VPN  capabili¬ 
ties  imbedded  in  Windows 
2000  Server  but  backed  off 
because  they  were  too  com¬ 
plex,  Activel^me’s  new  offer¬ 
ing  might  be  for  you. 

This  week,  the  start-up  will 
introduce  a  hardware  and 
software  package  called 
V3000  VPN  Server  Appli¬ 
ance  designed  to  stream¬ 
line  the  process  of  setting 
up  Windows-based  VPNs. 

The  V3000  appliance  is 
based  on  standard  Intel  serv¬ 
er  hardware  and  runs  a  ver¬ 
sion  of  Win  2000  Server  with 
the  services  not  essential  to 
VPN  support  removed.  Also 
included  in  the  device, 
which  sits  between  the  Inter¬ 
net  and  Windows  servers,  is  a 
dedicated  processing  card  to  speed  VPN 
encryption. 

Using  ActiveLane’s  software  tools,  cus¬ 
tomers  can  set  up  the  server  side  of  a 
VPN  connection  in  15  minutes,  about  a 


half-hour  faster  than  it  takes  to  do  it  with 
the  standard  Microsoft  server,  says  V3000 
user  Micheal  Bach,  information  systems 
manager  at  Atoga  Systems  of  Fremont, 
Calif.,  which  makes  optical  network  gear. 


The  real  timesaver,  though, 
comes  on  the  client  side.  An 
ActiveLane  installation  wiz¬ 
ard  sets  up  an  executable  file 
that  configures  Windows  PC 
and  handheld  software  so 
that  client  devices  can  con¬ 
nect  to  a  VPN,  Bach  says. 
Rather  than  configuring  the 
client  manually,  end  users 
download  the  file  and  exe¬ 
cute  it,  and  their  machine 
connects  to  the  VPN. “Without 
[the  executable  file]  we  sent 
users  an  eight-page  docu¬ 
ment  with  pictures  to  set  the 
client  up  themselves, and  they 
still  screwed  it  up,"  Bach  says. 

Once  a  VPN  tunnel  is  set  up, 
users  enter  their  network 
identification  and  password, 
which  is  checked  against  in¬ 
formation  in  Microsoft’s  Ac¬ 
tive  Directory  databases.  Com¬ 
patibility  with  Active  Direc¬ 
tory  eliminates  the  need  to 
maintain  a  separate  authorization  data¬ 
base  for  the  VPN. 

The  $12,000  package  also  features  soft¬ 
ware  that  can  trigger  alarms,  generate 
standard  and  custom  reports  on  current 


and  historical  use  by  individuals. 

The  appliance  is  Configured  via  a 
browser  interface  and  supports  1,000 
concurrent  connections.  Because  it  relies 
on  Microsoft  VPN  software,  the  Active¬ 
Lane  3000  supports  Point-to-Fbint  Tun¬ 
neling  Protocol  and  Layer  2  Tunneling 
Protocol/lP  Security  VPN  tunnels. 

ActiveLane  competes  against  the  likes  of 
Neoteris  and  Netilla  Networks, which  make 
secure.  Internet-based  remote-access  gear 
that  relies  on  standard  Web  browser  secu¬ 
rity  rather  than  special  client  software, says 
Robert  Lonadier,  president  of  consulting 
firm  RCL  and  Associates. 

The  company  also  makes  firewall, 
caching  and  storage  equipment.  Founders 
include  Ravi  Lingarkar,  the  former  vice 
president  of  engineering  for  McAfee  and 
former  director  of  engineering  at  Network 
Associates.  ■ 


Correction 


IU  In  the  story  “Gupta  touts  Web  services" 
(Apnl  8,  page  31),  Keynote  Systems  CEO 
Umang  Gupta  should  have  been  listed  as  the 
founder  of  what  is  now  Centura  Software. 


Make  the  net  work  with  Web  services 
that  can  transform  your  business: 


Transformative  change  begins 
with  Java™  technology. 

At  the  enterprise  level,  lava™  technology  and 
XML  mean  interoperability.  Sun™  ONE  capitalizes 
on  seven  years  of  Java  leadership  to  provide  a 
platform  for  Web  services  that  leverages  your 
existing  systems.  And  since  78%  of  developers 
consider  the  |ava  platform  to  be  the  most 
effective  platform  for  building  and  deploying 
Web  services,  you  can  be  sure  Sun  ONE  will  get 
you  started  down  the  road  in  the  right  direction. 

The  Solaris™  Operating  Environment 
lets  you  deploy  services  on  an 
enterprise-class  platform. 

Make  sure  your  services  are  always  available 
for  your  customers,  with  the  rock-solid  Solaris™ 
Operating  Environment.  You’ll  be  in  good 
company— after  all,  many  of  the  largest  Internet 
businesses  already  run  on  it.  Solaris  OE  is  the 
foundation  of  Sun  ONE  and  provides  a  highly 
reliable  application  platform  for  any  kind  of 
service.  That’s  what  we  call  “Services  on  Demand.” 


Sun  ONE  infrastructure  software 
delivers  services  today. 

Sun  ONE  Directory  Server  already  enables  60% 
of  the  Fortune  100  to  conduct  business  on 
the  Web  quickly  and  securely.  And  Sun  ONE 
Developer  Tools  for  lava  were  judged  Best  Java 
IDE  by  |avaWorld.  They  both  work  seamlessly 
with  Sun  ONE  Application  Server  and  Sun  ONE 
Portal  Server  to  let  you  deliver  services  that 
quickly  scale  across  multiple  platforms.  The 
faster  you  get  your  Web  services  to  market, 
the  greater  the  business  opportunity.  There’s 
no  speed  limit  on  this  road. 

Sun  ONE  Consulting  can  start  you  down 
the  road  to  Web  services  right  now. 

Sun  ONE  Consulting  lets  you  reduce  the  time, 
cost  and  risk  of  transforming  your  business 
with  Web  services.  Sun  ONE  Consulting  can 
help  you  with  every  phase  of  developing  and 
deploying  innovative  services,  giving  you  the 
kinds  of  sustained  business  advantages  you 
would  expect  from  a  business  innovator  like  Sun. 


Systems  Integrators: 

Sun  teams  with  some  of  the  best  systems  integrators  in  the  business,  so  you’ll  have  the  expertise 
you  need  to  begin  developing  “Services  on  Demand”  on  the  Sun  ONE  platform  today: 
o  Cap  Gemini  Ernst  &  Young  0  EDS 

°  Computer  Sciences  Corporation  °  KPMG  Consulting,  Inc. 

o  Deloitte  Consulting  0  Science  Applications  International  Corporation 


Companies  already  on 
the  road  with  Surf  ONE: 

Standard  &  Poor’s 

The  Sun  ONE  architecture  has  doubled 
Standard  &  Poor’s  uptime  and  application 
performance  over  previous  implementations, 
and  has  improved  their  service  delivery  to 
financial  markets  so  that  they  are  now  able 
to  meet  client  demands  24/7. 

National  Hockey  League® 

With  the  Sun  ONE  framework,  the  NHL®  is 
harnessing  the  power  of  the  Web  to  improve 
operations.  The  NHL  can  now  communicate 
and  conduct  business  more  securely  while 
delivering  “Services  on  Demand”  to  over 
8  million  passionate  hockey  fans  per  month 
on  NHL.com. 


The  road  to 
Web  services 
begins  with 
Sun  ONE. 


CREATE  NEW  SERVICES 

•  Sun  ONE  Developer  Tools 

•  Sun  ONE  Application  Server 

•  Sun  ONE  Integration  Server 

The  fastest  road  to  maximizing 
productivity  and  the  speed  of 
development. 


DELIVER  SERVICES 

•  Sun  ONE  Portal  Server 

•  Sun  ONE  Messaging  Server 

•  Sun  ONE  Calendar  Server 

The  fastest  road  to  providing 
prepackaged  and 
custom-developed 
services. 


IDENTITY  AND  SECURITY 

*  Sun  ONE  Directory  Server 

•  Sun  ONE  Identity  Server 

The  fastest  road  to  leveraging  and 
protecting  your  corporate  assets. 


DEPLOY  SERVICES 
•  Solaris  Operating  Environment 

,  The  fastest  road  to  deploying 
i  Java  and  XML-based  services 
quickly  and  reliably. 
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NEED  DIRECTIONS? 
REGISTER  TODAY 

for  our  exclusive 
Web  seminar  on  the 
importance  of 
open  standards  in 
Web  services. 
www.sun.com/stayopen 
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Extreme  joins  the  1 0Gig  Ethernet  fray 


■  BY  PHIL  HOCHMUTH 

Extreme  Networks  will  make  its 
first  official  foray  into  the  10G 
Ethernet  market  this  week  when 
it  announces  a  10G  bit/sec  mod¬ 
ule  for  its  BlackDiamond  Switch. 

The  module  will  provide  qual- 
ity-of-service  (QoS)  and  traffic¬ 
shaping  features,  and  the  ability 
to  move  Ethernet  packets  at 
10,000M  bit/sec,  the  company 
says. 

The  blade  could  help  corpo¬ 
rate  IT  users  alleviate  data  center 
bottlenecks  by  linking  switches 
with  high-speed  interconnects, 
the  vendor  adds. 

Also  being  announced  this 
week  is  new  IP  telephony  gear 
from  Shoreline  Communications, 
which  is  expanding  IP  phone 
and  voice-over-IP  protocol  sup¬ 
port  on  the  company’s  distrib¬ 
uted  VoIP  system.  The  new 
Shoreline  and  Extreme  products 
also  will  be  deployed  as  the 
voice  and  data  infrastructure  at 
the  NetWorld+Interop  2002  show 
next  month  in  Las  Vegas  (see 


story  below). 

Extremes  10G  Ethernet  module 
will  be  a  single-port,  one-slot 
blade  for  its  BlackDiamond  chas¬ 
sis  switch.  While  Extreme  is  one  of 
the  last  large  Ethernet  switch 
players  to  announce  a  10  Gigabit 
module  —  Enterasys  Networks, 
Cisco,  Riverstone  Networks,  Foun¬ 
dry  Networks,  Nortel  and  Avaya 
have  announced  products  —  the 
company  says  its  offering  will 
have  wire-rate  QoS  capabilities, 
which  competing  10G  Ethernet 
products  lack. 

“I  could  see  us  using  the  10G 
[blade  from  Extreme]  to  inter¬ 
connect  our  data  center  switch¬ 
es,”  says  Tony  Crognale.a  network 
technician  with  Scottsdale  Insur¬ 
ance  in  Arizona,  which  has  more 
than  30  Extreme  BlackDiamond 
switches  deployed."  10G  would  let 
us  free  up  some  of  our  trunked 
Gigabit  ports  and  just  hook  our 
backbone,”  with  a  single  fiber 
connection,  he  says. 

10G  Ethernet  is  not  urgent  at  the 
firm,  Crognale  says,  but  new  pro¬ 
jects, such  as  IP  video  to  the  desk¬ 


top  and  the  move  to  a  “paperless” 
office  continues  to  increase  the 
company’s  bandwidth  usage. 

Extreme  says  it  is  addressing  an 
area  of  the  nascent  10G  Ethernet 


+  INTEROP 


market  that  has  been  overlooked 
—  the  ability  to  traffic-shape 
packets  moving  at  10,000M 
bit/sec  without  latency  or  delay 

Extreme’s  blade  will  have  a  dis¬ 
tance  limitation  of  6.2  miles  over 
single-mode  fiber-optic  cable  — 
multimode  fiber  will  not  be  sup¬ 
ported  in  the  first  module  release. 
The  module  will  be  available  in 
the  summer  for  about  $60,000. 

Meanwhile,  Shoreline  will  re¬ 
lease  its  Shoreline4  IP  telephony 
system  with  expanded  support 
for  the  Media  Gateway  Control 
Protocol  (MGCP)  IP  phones  and 
the  use  of  the  Session  Initiation 
Protocol  (SIP)  as  the  base  tech¬ 


nology  for  IP  call  control  among 
Shoreline  devices.  MGCP  and  SIP 
are  protocols  developed  by  the 
International  Telecommunica¬ 
tions  Union  and  Internet  En¬ 
gineering  Task  Force,  respectively, 
for  setting  up  and  controlling 
packet  telephony  traffic. 

Shorelines  offering  is  a  hybrid 
1  P/analog  phone  system  where 
call  control  and  switching  is  dis¬ 
tributed  throughout  a  LAN. 
ShoreGear  VoIP  switches  attach 
to  a  LAN  switch  and  support  dig¬ 
ital  phone  handsets  that  can  be 
reused  from  older  systems  or 
purchased  new  from  Shoreline. 
In  Shoreline4,the  company  is  re¬ 
placing  a  proprietary  interswitch 
control  protocol  with  SIP  which 
Shoreline  says  will  open  the  sys¬ 
tem  more  to  supporting  S1P- 
based  IP  devices  or  applications 
such  as  Windows  Messenger  in 
Windows  XP  MGCP  phone  sup¬ 
port  will  let  IP  phones  be  used 
on  the  Shoreline  system  for  the 
first  time. 

Shoreline  has  certified  Poly¬ 
com’s  SoundPoint  500  IP  phones 


Convergence  in  action 

[Shoreline,  Extreme  put  the  interoperability  in  Interop  at  upcoming  N+l  show. 


In  addition  to  showing  off  new  voice  and  data  products  at  the 
NetWorld+Interop  2002  show  May  6-10  in  Las  Vegas,  Ex¬ 
treme  Networks  and  Shoreline  Communications  will  put 
their  gear  to  work. 

10G  Ethernet  switches  from  Extreme  and  IP  voice  gear  from 
Shoreline  will  be  two  of  the  main  technologies  used  as  the  voice 
and  data  foundation  for  eNet,  the  converged  network  that  will 
run  the  show. 

Extreme  will  deploy  five  BlackDiamond  switches  fitted  with 
its  new  10G  Ethernet  blade  to  serve  as  the  network  backbone 
for  the  show.  The  switches  will  be  arranged  in  a  ring  topology 
in  what  Extreme  and  show  organizers  say  will  be  the  largest 
temporary  deployment  of  live  10G  Ethernet  equipment  and  will 
support  more  than  8,000  nodes  during  the  week.  Extreme  also 
will  deploy  its  Alpine  and  Summit48  switches  as  a  distribution 
layer  of  the  network.  Those  boxes  will  have  network  runs  to 
the  show  floor,  and  uplink  to  the  10G  bit/sec  backbone  via 
Gigabit  Ethernet  connections. 

The  30  ShoreGear  distributed  voice  switches  will  provide  the 
phone  infrastructure  for  the  show  floor  and  for  conference 
facilities  such  as  seminar  rooms  and  corporate  meeting  suites. 
Shoreline  will  deploy  a  mix  of  analog  and  IP  phones  throughout 
the  convention  center,  with  all  voice  traffic  linking  over  the 
Extreme  backbone  through  the  ShoreGear  switches  running 
Version  4.0  of  Shoreline's  operating  system.  Quality  of  service 
for  the  Shoreline  voice  traffic  will  be  provided  by  the  Extreme 
gear  from  all  10/100/1000M  bit/sec  connections  through  the  10- 
Gigabit  core. 

—Phil  Hochmuth 


Sneak  peek 


New  products  from  Extreme  and  Shoreline,  among  others, 
will  help  provide  the  LAN  backbone  and  IP  telephony 
infrastructure  for  the  NetWorld+Interop  show  next  month. 


Traffic  from  digital  handsets  is  converted  to  IP  and 
fed  to  the  Extreme  backbone  via  ShoreGear  VoIP 
switches  running  Shoreline  4.0  software. 


IP  phones  are  recognized  by 
the  Shoreline  box  but  feed 
voice  directly  onto  the  LAN. 


Shoreline 

VoIP 

switch 
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10/100M  bit/sec 
connections  to  booths 
and  conference  facilities 
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Extreme  summit  switch 


10G  Ethernet 
LAN 


Extreme  BlackDiamond  switches 

anchor  Tiber  backbone. 

_ _ 

"Media  gateway  control  protocol 


Extreme  BlackDiamond  switches 


The  Extreme  switches  prioritize  the  Shoreline 
voice  traffic  at  all  levels  of  the  network  from  the 
10G  bit/sec  core  to  connections  on  the  show  floor. 


on  Shoreline4. 

Shoreline  competes  with  3Com, 
Cisco,  Avaya,  Alcatel,  Nortel  and 
Mitel,  among  others  in  the  mid¬ 
range  VoIP  market  for  businesses 
with  100  to  5,000  phones. 

Experio  Solutions,  a  technol¬ 
ogy-integration  company  in  Dal¬ 
las,  installed  Shoreline’s  system 
last  year.  The  firm  has  19  offices 
nationwide  and  approximately 
800  employees  on  the  system, 
which  has  saved  the  company 
on  long-distance  charges  and 
helped  improve  productivity, says 
Michael  Shisko.the  company’s  IT 
director. 

“People  love  the  productivity 
enhancements  you  can  get  on 
the  [Shoreline]  system  by  using 
the  PC  and  phone  together,” 
Shisko  says.  Experio  employees 
can  click  on  a  name  in  their 
Microsoft  Outlook  contact  data¬ 
bases  and  that  sends  a  signal  to 
the  Shoreline  system  to  call  the 
contact  on  the  user’s  desktop 
phone.The  company  also  has  an 
online  corporate  phone  direct¬ 
ory  that  can  be  used  to  dial  other 
employees  from  the  PC. 

Because  the  Shoreline  devices 
are  deployed  in  a  distributed  con¬ 
figuration,  the  company  does  not 
have  to  worry  about  a  significant 
loss  of  phone  service  in  the  case 
of  one  device  failing, Shisko  says. 
The  company  also  saves  80%  on 
what  it  used  to  pay  on  long-dis¬ 
tance  by  running  its  interoffice 
voice  traffic  across  the  company’s 
data  VPN,  provided  by  Qwest 
Communications,  he  adds.B 
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■  THIS  WEEK'S  QUESTION: 

CingularWireless, 
the  second-largest 
wireless  company  in 
the  U.S.,  is  the  product 
of  BellSouth  merging 
its  wireless  business 
with  what  other  Bell 
|  company? 

Answer  the  and  rwie  addrtxxal  questions 
orfne  and  you  could  wm  $500.  Visit 

Itotwrk  W«rW  Fusim  and  enter  2349 

in  the  Search  box. 


In  a  world  where  there’s  a  different  kind  of  threat  every  day,  you  need  a  different  kind  of  security. 

New  threats  can  blow  through  any  firewall  or  anti-virus  software.  That's  why  you  need  the  RealSecure®  Protection 
System.  It  dynamically  detects,  prevents  and  responds  to  an  ever-changing  spectrum  of  online  threats  to  your  business. 
RealSecure  protects  your  networks,  servers  and  desktops.  And  it  provides  powerful,  centralized  management  that's 
both  simple  and  cost-effective.  No  matter  who  you're  up  against.  Call  us  at  800-776-2362.  Or  visit  www.iss.net/nww. 
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Microsoft  talks  up  universal  data  system 

Customers  express  concerns  about  plan  that  will  rely  heavily  on  next  version  of  SQL  Server. 


■  BY  JOHN  FONTANA 

NEW  ORLEANS  —  Microsoft  last  week 
began  to  reveal  an  ambitious  project  to 
spread  portions  of  its  forthcoming  data¬ 
base  technology  across  its  back-end  infra¬ 
structure  servers  so  companies  can  store 
data  in  an  XML  format  and  access  it  regard¬ 
less  of  where  it  lives  on  a  network. 

At  its  Tech  Ed  2002  conference,  which 
drew  7,500  attendees,  Microsoft  laid  out  a 
concept  for  a  universal  file  system  that 
would  rely  heavily  on  technology  from  the 
next  version  of  SQL  Server,  called  Yukon. 
That  technology  allows  for  the  storage  of 
structured  and  unstructured  data  that  can 
be  accessed  through  a  variety  of  devices 
and  protocols. 

Experts  say  the  project  opens  all  sorts  of 
possibilities  for  IT  shops  to  create  data- 
driven  applications  and  get  control  of  ex¬ 
ploding  repositories  of  information. 

Ultimately,  Microsoft  plans  to  create  a  uni¬ 
versal  file  system  that,  in  essence,  makes 
back-end  repositories, such  as  Windows  file 
servers,  Exchange  Server  and  SQL  Server, 
look  like  one  virtual  storage  system  for  files 
and  applications. 


“You  are  talking  about  an  intelligent 
engine  that  blurs  the  lines  between  a  stor¬ 
age  engine  and  an  application  engine, ’’says 
Robert  Ginsberg,  CTO  of  Version  3,  a  soft¬ 
ware  development  firm.There  are  a  lot  of 
things  that  get  interesting  programmatic¬ 
ally,  such  as  files  that  can  update  them¬ 
selves  based  on  alerts.”  But  Ginsberg  says 
Microsoft  is  taking  on  a  huge  effort  that  will 
require  a  new  layer  of  security  and  present 
many  complexities. 

It’s  not  a  new  concept,  but  bringing  it  to 
the  PC  is  a  huge  innovation,  Ginsberg  says. 
IBM’s  AS/400  for  years  has  used  a  single 
relational  database  to  store  everything  and 
Oracle  is  developing  a  similar  idea  with  its 
Internet  File  System. 

XML  is  key  to  Microsoft’s  plan  in  that  the 
technology  makes  it  possible  to  create 
metatags  —  information  about  the  stored 
data  —  that  are  used  for  more  intelligent 
access  to  that  data. 

But  moving  to  a  universal  file  system 
won’t  come  without  a  price,  because  cor¬ 
porations  will  eventually  have  to  convert 
all  their  files  to  an  XML  format. 

“1  question  the  value  of  representing  all 
data  in  XML,”  says  an  IT  manager  with 


financial  firm  Merrill  Lynch  who  asked 
not  to  be  identified.  “In  some  systems 
there  is  a  vast  amount  of  data  that  may  not 
have  to  be  represented  in  XML.  A  lot  of  the 
data  that  we  share  is  in  industry-specific 
formats.There  is  an  issue  here  of  practical 
implementation  vs.  theory.” 

However,  Microsoft  officials  emphasized 
they  are  not  creating  a  single  data  store, 
much  like  Oracle  has  with  its  database,  but 
a  single  data  format  based  on  XML. 

Microsoft  has  tried  before  to  create  a 
universal  file  system,  but  this  time  success 
is  critical  for  its  Web  services  initiative  to 
take  off.  Web  services  technology  is  a  set 
of  XML-based  protocols  for  integrating 
applications  and  back-end  systems  across 
networks. 

Microsoft’s  effort  will  begin  later  this 
year  with  the  first  beta-test  version  release 
of  Yukon. The  server  is  expected  to  ship  in 
the  second  half  of  next  year.  That  will  be 
followed  by  a  version  of  Exchange,  code- 
named  Kodiak,  that  has  Yukon  technology 
at  the  heart  of  its  data  store.  Yukon  tech¬ 
nology  will  then  seep  into  other  back-end 
systems. 

“We  have  this  great  storage  technology 


that  Microsoft  owns,  and  we  will  share  that 
technology  with  other  products,”  says  Paul 
Flessner, senior  vice  president  of  .Net  enter¬ 
prise  servers. 

He  says  Yukon  technology  will  be  part  of 
a  universal  file  system  that  Microsoft  is 
developing.  Other  Microsoft  technology, 
such  as  natural  language  access  and  syn¬ 
chronization,  also  could  be  used. 

“We  are  trying  to  create  a  transparency  to 
data,”  says  Tom  Rizzo,  group  product  man¬ 
ager  for  SQL  Server.“We  want  an  easy  way 
for  the  user  to  get  data  and  not  have  to 
know  or  care  where  it  came  from.” 

Analysts  say  Microsoft  is  trying  to  solve 
one  of  the  biggest  problems  companies 
face  —  getting  control  of  their  data. 

“But  the  trail  of  crumbs  to  get  to  Yukon 
to  fix  this  looks  long  and  expensive,”  says 
Dana  Gardner,  an  analyst  with  Aberdeen 
Group.  “You  are  going  to  have  to  convert 
everything  into  XML.”B 
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Caching  vendors  adding  security  features  to  gear 


Securing  your  cache 

The  days  of  the  simple  cache  are  over,  and  vendors 
recognize  that  their  products  need  to  do  more  than  just 
store  and  forward  content.  Here’s  a  look  at  some  recent 
announcements: 

F5  Networks  —  January 

Partners  with  nCipher  to  integrate  federally  certified  SSL 
acceleration  capabilities  into  its  Web  acceleration  devices. 

CacheFlow —  February 

Tweaks  its  strategy  to  focus  on  security  and  announces  a  new 
caching  device  called  Security  Gateway,  which  combines  Web 
acceleration,  network  protection  and  content  control  in  one  package. 

Network  Appliance  —  March 

Partners  with  WebSense  to  add  content  filtering  to  its  content 
delivery  appliances. 

Inktomi  —  April 

ReleasesTraffic  Edge  Security  Edition  software,  which  adds  content 
filtering,  virus  scanning,  and  user  authentication  and  access  control 
to  its  caching  software. 


■  BY  JENNIFER  MEARS 

Businesses  looking  to  add 
another  layer  of  protection  be¬ 
yond  traditional  firewalls  will  find 
a  slew  of  new  products  from 
companies  that  are  adding  secu¬ 
rity  features  to  their  Web  caching 
offerings. 

Inktomi  last  week  unveiled  its 
Traffic  Edge  Security  Edition  soft¬ 
ware,  which  adds  virus  scanning, 
content  filtering, and  user  authen¬ 
tication  and  access  control  to  its 
caching  software.  Other  vendors 
such  as  CacheFlow,  Network  Ap¬ 
pliance  and  F5  Networks  recently 
have  added  security  features  to 
their  devices. 

Analysts  say  they’re  seeing  a 
trend  among  caching  and  Web 
acceleration  companies  to  add 
more  features  to  Web  caches,  en¬ 
abling  businesses  to  cache  clean 
content,  for  example,  or  to  speed 
up  Secure  Sockets  Layer  process¬ 
ing.  The  trend  makes  sense,  ana¬ 
lysts  say,  because  of  how  caching 
and  other  Web  acceleration  prod¬ 
ucts  fit  into  current  business  net¬ 
works.  Caches  typically  sit  behind 
a  network  firewall  and  store  oft- 
accessed  content  so  that  repeat¬ 
ed  requests  for  a  Web  page  can 


be  served  locally  from  the  cache, 
rather  than  having  to  be  routed 
through  the  Internet  again. 

“These  products  are  at  a  critical 
point  in  the  network  and  they’re  a 
perfect  location  to  add  security 
functionality  or  just  make  sure 
that  content  that  they’re  caching 
is  secure,”  says  Cindy  Borovick.an 
analyst  at  1DC. “There  is  definitely 


a  need  to  make  sure  that  these 
products  complement  a  cus¬ 
tomer’s  security  implementation. 
They’re  not  replacing  firewalls, 
but  they’re  adding  another  layer 
of  security  to  the  network." 

Frank  Cabri,  director  of  market¬ 
ing  at  CacheFlow,  which  intro¬ 
duced  its  Security  Gateway  prod¬ 
uct  earlier  this  year,  says  integrat¬ 


ing  security  features  into  a  cache 
is  a  perfect  complement  to  fire 
walls,  which  scan  packets  as  they 
enter  the  network.  On  the  other 
hand, caches  can  look  at  the  con¬ 
tent  that  is  being  delivered  and 
store  the  clean  content. 

By  getting  integrated  security 
features  within  a  Web  cache,  cus¬ 
tomers  also  get  a  single  box  to 
manage  and  configure,  eliminat¬ 
ing  the  headaches  of  running 
separate  servers  for  caching  and 
virus  scanning.  But  when  more 
than  one  function  is  performed 
on  a  single  box,  a  single  point  of 
failure  exists,  so  redundancy  is 
important,  analysts  say 

A  director  of  security  at  a  finan¬ 
cial  services  firm,  who  asked  not 
to  be  named,  says  he  uses  Ink- 
tomi’s  caching  software  and  is 
looking  at  the  new  security  offer¬ 
ings  because  they  provide  the 
security  he  needs  without  the 
inconvenience. 

“It’s  one  device,  one  place  to 
visit,  one  place  to  configure.  Why 
do  1  want  to  go  to  three  different 
boxes,  and  manage  three  differ¬ 
ent  boxes  and  maintain  configu¬ 
rations  of  three  different  boxes,” 
he  says.  “Less  is  more.  .  .  .  Why 
should  1  maintain  three  different 


vendor  relationships  when  all  1 
want  to  do  is  maintain  one?” 

What  companies  such  as  Ink¬ 
tomi  need  to  do,  he  says,  is  ensure 
tight  integration  between  their 
caching  products  and  the  addi¬ 
tional  features. 

Inktomi  says  its  caching  soft¬ 
ware  integrates  with  Symantec’s 
CarrierScan  Server  antivirus  soft¬ 
ware  to  protect  business  net¬ 
works  against  viruses  such  as 
Nimda,  which  can  be  spread 
through  infected  Web  pages. 

Inktomi  also  has  added  authen¬ 
tication  and  access  control  to  its 
caching  software  so  that  busi¬ 
nesses  can  let  employees  access 
information  such  as  401  (k)  bene¬ 
fits  from  the  Internet.  The  Traffic 
Edge  Security  Edition  software 
lets  businesses  track  who  access¬ 
es  information  and  restrict  that 
access  by  linking  to  Lightweight 
Directory  Access  Protocol,  for 
example,  to  maintain  existing 
authentication  policies. 

Traffic  Edge  Security  Edition 
software  is  available  now  and  will 
also  be  available  through  Inktomi 
partners  including  Compaq,  Dell, 
Hewlett-Packard,  F5  and  Fujitsu. 
Pricing  for  the  software  starts  at 
$5,000.  ■ 


wonder  UNIX  makes  you  feel  boxed  in.  It  ties 
to  an  inflexible  system.  It  requires  you  to  pay  for 
ensive  experts.  It  makes  you  struggle  daily  with  a 
..-server  environment  that’s  more  complex  than  ever. 

Now  for  the  solution.  Microsoft  and  Unisys  have 
joined  together  to  offer  you  a  UNIX  alternative. 

By  teaming  the  Unisys  ES7000  server  with  the 
Microsoft®  Windows®  2000  Datacenter  operating  system, 
we’re  bringing  a  high  performance  server  solution  to  the 
enterprise  market.  A  solution  that  provides  the  flexibility 
and  agility  you  need  in  today’s  web-driven  world. 
Without  sacrificing  any  of  the  reliability  and  scalability 
you  demand. 

So,  if  your  server  environment  has  closed  you  in, 
let  us  help  you  escape.  Microsoft  and  Unisys. Two  smart 
companies,  one  brilliant  solution. 

Learn  more  about  how  the  ES7000  and  Windows 
2000  Datacenter  can  simplify  your  server  environment. 


“TRENDS  IN  LARGE  DATA  CENTERS 
CANDID  INTERVIEWS 
WITH  300  TOP  IT  EXECUTIVES.” 


Contact  us  for  your  free  copy  of 


www.  We  H  aveTh  e  Way  O  u  t .  c  o  m 
info@WeHaveTheWayOut.com 
Toll-free:  800-548-3443 
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Baan  battling  back 

■  BY  ANN  BEDNARZ 

ROME  —  In  its  ongoing  effort  to  reclaim  prominence  in  the 
e-business  software  market,  Baan  is  introducing  new  products  that  will 
help  customers  squeeze  inefficiencies  out  of  their  manufacturing 
processes. 

Baan  will  unveil  its  new  software  lineup  at  its  inForum  user  confer¬ 
ence  this  week,  which  is  expected  to  draw  about  1,500  attendees, 
according  to  show  organizers.  On  tap  is  the  launch  of  Baan’s  retooled 
supply-chain  management  (SCM)  suite,  plus  a  preview  of  its  forthcom¬ 
ing  product  life  cycle  management  (PLM)  suite,  scheduled  to  be 
launched  in  June. 

Once  considered  in  the  same  league  with  top  enterprise  resource 
planning  (ERP)  vendors  SAP  FteopleSoft  and  Oracle,  Baan  lost  its 
momentum  in  1999.  After  pulling  in  sales  of  $176  million  in  the  first 
quarter  of  1999,  Baan  saw  its  revenue  fall  to  less  than  $80  million  in  the 
second  quarter  of  2000.  Two  CEOs  came  and  left  between  July  1998 
and  January  2000,  before  British  software  maker  invensys  acquired 
Baan  in  May  2000. 

However,  lately  Baan  has  been  trying  to  claw  its  way  back.  After  eight 
consecutive  unprofitable  quarters,  the  company  returned  to  profitabil¬ 
ity  in  the  fourth  quarter  of  2000.  Last  year  the  company  announced  its 
iBaan  family  of  Internet-based  software,  and  this  year  it  will  build  up  its 
iBaan  offerings  for  customers  in  six  core  industries:  aerospace  and 
defense;  automotive;  industrial  machinery  and  equipment; electronics; 
logistics;  and  hybrid  manufacturing. 

See  Baan,  page  74 

Meet  the  new  Baan 

Baan  is  working  on  these  new  product  suites: 

iBaan  for  SCM:  A  new  supply-chain  management  suite  that  boasts 
tighter  integration  between  SCM  modules  so  companies  can  deliver 
more  accurate  order-fulfillment  guarantees. 

SCM  business  unit:  Baan  is  forming  a  new  business  unit  in 
Atlanta  around  its  SCM  suite. 

iBaan  for  PLM:  A  Web-based  product  lifecycle  management  suite, 
to  be  launched  in  June,  includes  new  sourcing  and  shop-floor 
control  modules  for  tracking  product  information  through  design, 
manufacturing,  maintenance  and  retirement  processes. 

SAP  adapter:The  company  will  announce  a  prepacked  adapter 
for  linking  its  products  with  software  from  SAP  —  a  first  for  Baan, 
which  previously  has  focused  its  integration  efforts  internally. 

OpenWorld  3.0:  A  new  version  of  Baan’s  XML-based  integration 
framework,  OpenWorld  3.0,  will  be  unveiled  at  inForum. 


SIP 

continued  from  page  1 

(see  “The  Scoop").  SIP  applica¬ 
tions  include  voice  conversa¬ 
tions,  instant-message-style  text 
chat  and  video. The  technology  is 
considered  by  some  to  be  the 
successor  to  H.323,  which  is  used 
as  the  base  of  a  majority  of  IP 
voice  products.  One  of  SIP’s  draws 
is  the  promise  of  voiceover-IP 
(VoIP)  interoperability  among  IP 
PBX,  phone  and  gateway  prod¬ 
ucts, something  lacking  in  current 
IP  telephony  systems. 

SIP  is  being  considered  as  a 
possible  foundation  for  a  voice 
network  at  Boeing,  according  to 
Michael  Mclnnis,  a  network  en¬ 
gineer  at  the  Seattle  aviation 
company. 

“We’re  looking  to  migrate  to 
voice  over  IP  on  a  companywide 
basis,”  says  Mclnnis,  who  attended 
Voice  on  the  Net.“Some  things  I’ve 
seen  here  that  can  be  done  with 
SIP  —  like  being  able  to  organize 
a  conference  call  through  a 
[Microsoft]  Outlook  directory  — 
sound  pretty  advanced  —  things  I 
didn’t  even  know  could  be  done.” 

Boeing’s  voice  network  is  built 
on  five  carrier-scale,  time  division 
multiplexing-based  Lucent  5ESS 
voice  switches,  which  support  a 
user  base  of  185,000  employees. 
The  company  also  has  pockets  of 


IP  voice  installed,  with  Cisco’s 
CallManager  IP  PBX  and  about 
2,000  phones  deployed  around 
the  country.  CallManager  sup¬ 
ports  Cisco’s  Skinny  Client  Con¬ 
trol  Protocol  and  H.323,  which 
will  only  go  so  far  at  Boeing, 
Mclnnis  says. 

“H.323  is  not  scalable  enough  to 
fit  our  needs,  and  it’s  also  not  as 
[voice  and  video  convergent]  as 
perhaps  SIP  is,”  he  says. “We  want 
to  merge  video  with  VoIP  and  we 
can’t  do  that  very  well  today  on 
H.323.” 

The  other  factor  that  makes  SIP 
appealing  to  Mclnnis  is  interoper¬ 
ability.  “We’re  locked  into  the 
kinds  of  phones  we  can  use  with 
the  Cisco  [VoIP]  product,”  Mc¬ 
lnnis  says.  “We  want  to  get  away 
from  proprietary  protocols  and 
get  into  a  more  distributed  model 
for  telephony” 

Although  some  call  SIP  the 
communications  technology  of 
the  future,  detractors  say  it  will 
always  be  just  that  —  an  oft- 
talked-about  but  rarely  deployed 
technology  A  majority  of  enter¬ 
prise  VoIP  gear  is  based  on  H.323 
or  Media  Gateway  Control  Proto¬ 
col,  and  SIP’s  installed  base  is  rel¬ 
atively  small  compared  with  other 
VoIP  protocols.  Issues  also  remain 
with  SIP  such  as  how  to  make  it 
secure  and  interoperable  with 
firewall  and  network  address  tran¬ 


slation  technology  (NAT). 

“I  don’t  know  of  a  huge  amount 
of  activity  with  SIP  in  the  enter¬ 
prise  at  this  point,”  says  Tom 
Valovic.an  analyst  with  IDC.“Most 
[IP  PBXs]  deployed  in  enterprises 
are  H.323-oriented.  1  don’t  really 
think  SIP  is  playing  large  role  with 
the  exception  of  maybe  a  very 
large  enterprise.” 

An  IP  voice  system  based  on 
H.323  from  Avaya  is  being  in¬ 
stalled  at  The  Seattle  Times. 

“SIP  is  something  we’ve  been 
hearing  about,  and  reading 
about,”  says  Thomas  Dunkerley, 
the  newspaper’s  communica¬ 
tions  manager.  However,  his  de¬ 
partment  is  busy  enough  just  get¬ 
ting  IP  voice  off  the  ground,  he 
adds.“SIP  is  something  that  prob¬ 
ably  won’t  affect  us  for  a  while.” 

At  Avaya,  product  planners  say 
they  are  ready  to  put  SIP  in  the  en¬ 
terprise  now,  but  will  hold  off  on 
releasing  SIP  enterprise  gear  until 
users  like  Dunkerley  start  clamor¬ 
ing  for  it. 

“We  have  [IP  phones]  that  are 
SIP-capable,”saysVenkatesh  Krish- 
naswamy  a  VoIP  product  director 
with  Avaya.  “SIP  has  been  tested 
on  our  enterprise  IP  telephony 
gear  and  is  ready  for  the  enter¬ 
prise  today  [but]  we  just  aren’t 
seeing  a  demand  for  it.” 

Nevertheless,  VoIP  equipment 
and  services  vendors  were  anx¬ 
ious  to  push  their  SIP-related 
product  announcements  at  Voice 
on  the  Net. 

Ingate  introduced  a  firewall  that 
the  company  says  addresses  a 
glaring  security  problem  with  SIP 

“You  can’t  run  SIP  over  most  in¬ 
dustry-standard  firewalls,”  or  be¬ 
tween  sites  using  NATs,  says 
Steve  Johnson,  an  Ingate  vice 
president.The  Ingate  Firewall  is  a 
$2,500  box  that  would  sit  at  the 
edge  of  a  WAN  or  Internet  con¬ 
nection  and  provide  firewall  traf¬ 
fic  filtering  with  support  for  SIP 
VoIP  traffic.  According  to  the 
company,  the  box  supports  SIP 
on  dynamically  allocated  ports 
on  the  firewall,  which  can  allow 
businesses  to  pass  large  volumes 
of  calls  through  the  box,  as  op¬ 
posed  to  opening  a  specific  port 
on  a  firewall  for  VoIP  which 
could  leave  a  network  open  to 
intrusion. 

Aravox  and  Cisco  also  have  fire¬ 
wall  products  that  can  support 
VoIP  and  SIP 


■  Vendors  continued  to 
debate  on  IP  PBXs  at 
Hetwork  World's  forum  at 
Voice  on  the  Net.  PAGE  48. 


Conferencing  server  vendor 
Dial  demonstrated  SIP-based 
features  with  an  application  that 
integrates  voice  and  e-mail  by 
allowing  end  users  to  start  a 
conference  call  by  clicking  the 
names  of  conference  partici¬ 
pants  in  a  Outlook  directory. The 
eDial  server  then  rings  the  par¬ 
ticipants’  phones  to  join  the  call. 

Microsoft  demonstrated  the 
combined  IP  voice,  video  and  in¬ 
stant-messaging  features  of  the 
SIP-based  Windows  Messenger 
application,  released  last  fall  as 
part  of  Windows  XP 

“As  of  January,  there  were  1 7  mil¬ 
lion  Windows  XP  clients  out  there 
ready  to  start  using  [voice  over 
IP]  minutes,”  says  Jawad  Khaki,  a 
Microsoft  vice  president.  “The 


value  of  SIP  to  the  enterprise  in 
terms  of  new  applications  and  en¬ 
hanced  productivity  are  more 
than  enough  to  justify  the  infra¬ 
structure  changes  that  will  be 
necessary  to  support  it.” 

Pblycom  and  Pingtel  were 
among  IP  vendors  announcing 
hardware  and  software  IP  phones 
at  the  show. 

Fblycom  is  adding  SIP  to  its 
SoundFbint  500  IP  phone  and 
Soundstation  3000  IP  conference 
station.  Pingtel  introduced  a  soft¬ 
ware  version  of  its  IP  phone  that 
runs  as  a  Windows  desktop  appli¬ 
cation  and  requires  a  standard 
headset  accessory.  ■ 

Get  more  information  online. 
DocFiofcr  8945 
www.nwfuiioncom 


The  skinny  on  SIP 

Session  Initiation  Protocol  was  developed  in  the  mid-1990s 
by  the  Internet  Engineering  Task  Force  as  a  real-time  com¬ 
munication  protocol  for  IP  voice,  and  has  expanded  into 
video  and  instant-messaging  applications. 

In  voice,  the  protocol  performs  basic  call-control  tasks  such  as 
session  set  up  and  tear  down,  or  the  signaling  for  call  initiation, 
dial  tone  and  termination.  SIP  also  controls  other  signaling  for 
features  such  as  hold,  caller  ID  and  call  transferring.  Its  func¬ 
tions  are  similar  to  the  Signaling  System  7  protocol  in  standard 
telephony  and  H.323  or  Media  Gateway  Control  Protocol  in  IP 
telephony. 

According  to  SIP  proponents,  the  protocol  can  provide  con¬ 
verged  and  unified  communication  services,  such  as  voice  and 
video  conversations.  Like  HTTP,  SIP  is  a  text-based  protocol, 
which  makes  it  easy  to  write  applications  that  incorporate  the 

technology,  observers  say. 

The  SIP  model  for  telephony  puts  most  of  the  intelligence  for 
call  setup  and  features  on  the  SIP  device  or  user  agent  —  such 
as  an  IP  phone  or  a  PC  with  voice  or  instant-messaging  soft¬ 
ware.  That  lets  SIP  user  agents  provide  more  features  and  oper¬ 
ate  in  more  of  a  peer-to-peer  fashion.  The  method  is  different 
from  traditional  telephony  or  H.323-based  telephony,  where 
“dumb’'  phones  are  deployed,  with  most  call  processing  and  con¬ 
trol  intelligence  residing  on  a  centralized  phone  switch  or  server. 

—  Phil  Hochmuth 
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VeriSign  CEO  talks  about  strategy,  integration 


Public-key  infrastructure  pioneer  VeriSign  has  acquired  a 
dozen  companies,  including  dot<om  registry  Network 
Solutions  and  telephony  service  provider  illuminet,  over 
the  past  two  years.  VeriSign  CEO  Stratton  Sclavos  recent¬ 
ly  spoke  with  Network  World  Senior  Editor 
Carolyn  Duffy  Marsan  about  how  he  is  merg¬ 
ing  these  far-flung  operations  into  a  cohe¬ 
sive  set  of  network  services. 

It's  been  two  years  since  VeriSign  bought  Network 
Solutions  for  $21  billion.  Describe  the  progress  in 
merging  the  companies  and  their  products. 

What  we’ve  been  trying  to  build  over  the  last 
seven  years  is  a  company  that  can  provide  a  set 
of  infrastructure  services  that  everyone  needs 
and  that  are  a  important  component  in  doing 
commerce  and  communications  over  these  net- 
works.There  are  four  building  blocks  to  com¬ 
merce  in  a  physical  or  digital  world:  1) 

Finding  who  to  do  business  with;  2) 

Setting  up  a  trusted  relationship; 

3)  Communicating  securely.;  4) 

Transacting  business. 

Finding  who  to  do  business 
with  [refers  to]  domain 
names  and  other  Network 
Solutions’  services  that 
help  companies  estab¬ 
lish,  manage  and  moni¬ 
tor  a  presence  over 
the  network.  On  the 
trust  and  communi¬ 
cations  side,  that’s 
what  has  tradition¬ 
ally  been  VeriSign 
with  its  digital  authentication  and  digital  signature  services.  Once 
you  figure  out  how  to  communicate  securely,  you  can  transact 
business  through  our  payment  gateway 

What  new  products  have  stemmed  from  the  merger? 

We’re  developing  a  portfolio  of  services  so  we  can  offer  domain 
names  coupled  with  certificates  ora  single  managed  service  that 
helps  you  set  up  and  monitor  your  DNS  or  your  network  security 
In  the  second  half  of  this  year,  we’ll  be  introducing  a  secure  do¬ 
main  name  service  that  ties  a  certificate  to  a  domain  name  to 
make  it  unspoofable.A  few  weeks  ago,  we  announced  the  digital 
trust  services  framework  ...  for  making  all  of  VeriSign’s  identity 
and  transaction  services  [available]  through  XML  interfaces  and 
callable  by  Web  services  platforms  from  IBM,  Microsoft  or  BEA 
Systems.  From  an  enterprise  customer  perspective,  this  makes 
building  Web  services  much  easier. 

VeriSign  has  been  very  acquisitive  since  the  Network  Solutions  deal. 
What  have  you  done  to  combine  these  companies? 

We've  done  two  significant  acquisitions:  NS1  and  Illuminet. 
W?’ve  disclosed  seven  other  acquisitions  and  four  asset  pur¬ 
chases,  but  much  of  that  was  done  for  $5  million  here  or  $15  mil¬ 
lion  there. These  were  to  consolidate  our  position  in  a  market  we 
were  already  in.  About  the  middle  of  last  year,  it  became  more 
economical  for  VeriSign  to  acquire  a  few  chosen  [competitors] 
than  to  spend  marketing  dollars  to  go  after  their  customers.  While 
that’s  created  a  lot  of  noise  ...  it  was  cheaper  to  do  it  that  way.  For 


example,  when  we  bought  the  assets  of  CyberCash  we  doubled 
our  payment  business. 

How  well  have  you  absorbed  the  Illuminet  acquisition,  which  brought 
you  into  the  telephony  arena? 

That  deal  closed  Dec.  13.There  is  a  product  road  map 
we  talk  about  in  terms  of  bridging  voice  and  data 
networks. This  is  very  different  from  convergence. 
Will  voice  and  data  converge  some  day  and 
everything  will  be  on  an  IP  network?  We  think 
that’s  a  true  statement,  but  we  think  it’s  a  15-year 
time  frame.  There’s  a  huge  opportunity  for  our 
company  to  bridge  the  two  networks,  to  talk  IP 
on  one  end  and  [Signaling  System  7]  on  the 
other,  to  provide  fast  data  lookup  services  across 
both  worlds  and  new  location-based  services.  We 
see  trusted  network  services  . . .  that  deliver  mes¬ 
sages  from  one  client  to  another  regardless  of 
whether  it’s  instant  messaging,  [secure  messaging 
services]  or  e-mail.  And  we  add  that  special 
VeriSign  secret  sauce  around  security  to 


make  sure  the  message  wasn’t  changed 
along  the  way  You’ll  see  the  first  of 
NHk,  those  services  in  the  third  quarter. 


VeriSign  Global  Registry  Services 
is  your  cash  cow.  What  are  you 
doing  to  drive  new  technology 
into  the  dot-com  registry? 

When  we  bought  Network 
Solutions,  we  said  the  back-end 
registry  was  the  crown  jewel  of 
the  company  and  we  would  do 
many  things  with  it  beyond  DNS 
lookups.  [In  March]  we  started 
rolling  out  a  brand-new  infrastruc¬ 
ture  that  can  respond  to  multiple  types  of  lookups  for  payment 
information,  caller  ID  and  number  portability  This  has  been  a 
huge  [research  and  development]  project. At  the  end  of  last  year, 
we  had  proven  the  system  could  respond  to  different  protocols 
and  scale  to  100  billion  lookups  a  day  Today  in  our  current  net¬ 
work,  we’re  handling  more  than  5  billion  lookups  a  day  which  is 
more  than  the  phone  system  handles  and  more  than  the  credit- 
card  system  handles.  It’s  already  the  fastest  transaction  system  on 
earth. 

From  a  capital  perspective,  we  spent  $120  million  last  year  and 
[will  spend]  somewhere  in  the  order  of  $100  million  this  year 
and  next  on  the  registryA  third  of  that  investment  is  related  to  this 
new  infrastructure.  We  have  13  locations  today  where  DNS 
queries  are  handled.  We’re  going  site  by  site  and  putting  the  new 
infrastructure  in  with  the  old.  For  our  enterprise  customers,  this 
[investment]  gives  them  the  ability  to  buy  a  more  robust  set  of 
directory  and  lookup  services.  All  the  things  we  talked  about  in 
Web  services  are  going  to  need  fast  lookups. 

What  are  the  most  exciting  Internet  technologies  on  the  horizon,  and 
how  are  you  positioning  VeriSign  to  take  advantage  of  them? 

Web  services  will  create  a  new  generation  of  innovation  in  the 
industry  The  network  will  become  the  operating  system.  Software 
that  is  inherently  built  to  talk  to  other  software  ...  is  a  fundamen¬ 
tal  change  in  the  programming  model.  We’re  building  everything 
at  VeriSign  to  have  XML  interfaces. VeriSign  will  expand  it’s  set  of 
security  services  for  monitoring  PKI,  firewalls  and  VPNs.  ■ 
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Hie  NetVanta'  2000  Series  Iron  ADTRAN* 


In  choosing  your  VPN  access  solution,  consider  the 
NetVanta  2000  series  from  ADTRAN.  You’ll  get  secure, 
low-cost  connectivity  across  the  Internet,  with  the 
protection  of  a  stateful  inspection  firewall  and  the 
convenience  of  an  internal  router.  All  from  the  company 
that  sells  more  enterprise  connectivity  solutions  across 
more  service  technologies  than  any  other  vendor. 

The  NetVanta  2000  series  delivers  the  exact  VPN 
functionality  you  need  to  connect  remote  offices, 
telecommuters,  and  mobile  users  to  corporate  information 
resources,  securely  and  cost-effectively.  Backed 
by  a  full  five-year  warranty  and  unsurpassed 
technical  support  from  the  leader  in  connectivity, 
the  NetVanta  2000  series  is  one  of  the  most 
risk-free  decisions  you  can  make  for  VPN. 


ADTRAN.  Ask  for  it  by  name. 


For  a  free  VPN  technology  primer,  visit 
www.adtran.com/nw041 502 


Pick  ^7  P 


Standards-based 
VPN  gateways  with 
integrated  firewall 


Stateful  inspection 
firewall  protects  against 
cyber  attacks 


Internal  router 
supports  multiple  users 


Network  Address 
Translation  (NAT)  conceals 
private  IP  addresses 


Data  Encryption 
Standard  (DES)  or3DES 
secures  data 


Internet  Key  Exchange 
(IKE)  authenticates  users 


Web-based  configuration 
and  management 


Reliable  pre-  and 
post-sales  support 


Reassuring  five-year  warranty 


Office 


877.894.4614  Technical  Questions 
877.280.8416  Where  to  Buy 


Series:  VPN/Internet 
Security  Solutions 


Secure  communication 
over  Internet  and  IP 
networks 


Introducing  the  Mobile  Intel®  Pentium®  4  Processor  -  M. 


Do  more. 
Carry  less. 


Road  warriors  rejoice.  The  all-new  Mobile  Intel®  Pentium9’  4  Processor  -  M  is  here,  specifically 
designed  for  mobility.  Intel’s  Micro  FCPGA  packaging  technology  enables  thin  and  light  notebooks 
for  added  portability.  And  Enhanced  Intel  SpeedStep"  Technology  optimizes  application  performance 
for  long-lasting  battery  power.  For  more  about  the  fastest  mobile  processors  in  history,  visit 
www.intel.com/ebusiness/mobile. 
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NetworkWorld 


Infrastructure 


TCP/IP,  LAN/WAN  SWITCHES 
ROUTERS  ■  HUBS 
ACCESS  DEVICES  ■  CLIENTS 
SERVERS  ■  OPERATING  SYSTEMS 
VPNS  ■  NETWORKED  STORAGE 


■  Sun  last  week  launched  a  box 
to  fill  out  the  top  of  its  midrange 
server  line  and  compete  more 
effectively  with  IBM.  The  Sun  Fire 
12K  server  will  compete  against 
products  such  as  IBM’s  Regatta 
server,  which  Big  Blue  launched 
last  fall. 

The  Sun  Fire  12K  is  aimed  at  cus¬ 
tomers  looking  to  consolidate 
servers  and  move  applications  from 
mainframes  onto  servers,  Sun  says. 
The  12K  can  run  four  to  52  Ultra¬ 
SPARC  III  900-MHz  processors 
using  up  to  288G  bytes  of  memory 
per  server.  Sun's  12K  product, 
which  was  code-named  Starkitty,  is 
available  now  and  costs  between 
$599,000  and  $1  million,  www.sun 
.com 

■  l-Tech  recently  rolled  out  a  multi¬ 
protocol  analyzer  that  helps  cus¬ 
tomers  diagnose  and  troubleshoot 
problems  on  their  storage  net¬ 
works.  The  Satellite-32MP  Multi¬ 
protocol  Analyzer  can  diagnose 
Fibre  Channel  and  iSCSI  protocols. 
The  analyzer  uses  a  graphical  user 
interface  to  view  results  and  can 
monitor  from  eight  to  32  channels. 
The  product  with  eight  channels 
starts  at  $73,900  and  is  expected  to 
be  available  this  quarter,  www. 
i-tech.com 

■  EMC  improved  the  performance 
and  capacity  of  its  Clariion  storage 
systems  last  week.  The  company  is 
announcing  181G-byte  7,200-rpm 
and  36G-byte  15,000-rpm  disks  to 
complement  the  73G-byte  drives  its 
storage  arrays  already  use. 

The  new  disks  provide  9  to  22 
terabytes  of  capacity  per  system 
at  a  30%  lower  cost,  the  company 
says.  And  the  15,000-rpm  drives 
operate  more  than  twice  as  fast  as 
7,200-rpm  drives. 

The  18lG-byte  drives  are  available 

for  the  Clariion  FC4500  and 
FC4700  storage  systems;  the  366- 
byte  15,000-rpm  drives  are  available 

for  the  Clariion  FC5300,  FC4500 
and  FC4700  systems,  www.emc 
.com 


Lessons  from  Leading  Users 


IP  voice  the  cure  for  healthcare  system 


■  BY  PHIL  HOCHMUTH 

Advocate  Health  Care  has  a  sick 
phone  system,  but  Chicago 
area’s  largest  healthcare  pro¬ 
vider  hopes  to  get  better  fast  with  a 
new  IP-based  telecom  infrastructure 
from  Alcatel. 

Advocate  recently  signed  a  $15  mil¬ 
lion  contract  with  Alcatel  to  provide 
the  telecom  infrastructure  at  65  sites, 
including  eight  acute  care  and  two 
children’s  hospitals,  and  several  clin¬ 
ics  and  administrative  offices.  Based 
on  Alcatel’s  OmniPCX4400  hybrid 
IP/digital  phone  system,  the  new  tele¬ 
com  network  will  be  rolled  out  over 
the  next  four  years  and  is  expected 
to  save  the  group  thousands  of  dol¬ 
lars  per  month  on  intersite  phone  tie 
lines.  The  new  system  also  will  make 
management  easier,  while  providing 
a  platform  for  merging  IP  telephony 
with  other  applications  in  the  future. 

Like  many  healthcare  organiza¬ 
tions,  Advocate  grew  over  the  years 
through  mergers  and  acquisitions. 
Along  the  way  the  telecommunica¬ 
tions  group  inherited  a  diverse  set  of 
See  Advocate,  page  22 


Advocating  VoIP 


Advocate  Health  Care  is  installing  an  Alcatel 
VoIP  system  in  65  sites  in  an  effort  to  save 
thousands  of  dollars  on  phone  costs. 


Three  main  hospitals  will  host  redun¬ 
dant  OmniPCX4400s,  which  will  act  as 
a  single  virtual  phone  system. 


Redundant  Omni- 
PCX4400  IP  PBX 


Alcatel  digital 
phones 
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65  smaller  hospitals,  clinics  and  offices 
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Satellite  clinics  and  branch  offices  will  use 
IP  phones,  which  connect  to  the  voice 
network  as  if  they  were  attached  directly 
to  an  OmniPCX4400. 


Alcatel  IP  phones 


Cisco  shines  up  storage  router 


■  BY  DENI  CONNOR 

PALM  DESERT,  CALIF  —  IT  executives 
can  configure  and  manage  their  Cisco 
storage  routers  the  same  as  any  network 
router  with  enhancements  the  company 
has  made  to  its  storage  routing  device. 

The  SN  5420,  an  IP  storage  router  that 
transports  SCSI  data  over  an  IP  network, 
now  supports  virtual  LANs  (VLAN), 
authentication,  authorization  and 
accounting,  and  additional  management 
information  bases  (MIB).  Cisco  also 
added  AIX  and  HP-UX  server  capability  to 
its  support  for  Windows  NT/2000,  Solaris 
and  Linux  servers. 

The  idea  behind  the  SN  5420  is  to  meld 
storage  and  IP  networks  to  offer  potentially 


lower-cost  storage  network  options.  The 
two-port  device  sits  between  a  LAN  switch 
and  SCSI  or  Fibre  Channel  storage  devices, 
directing  traffic  between  those  storage 
devices  and  servers  equipped  with  Gigabit 
Ethernet  adapters  supplied  by  Cisco  and 
outfitted  with  iSCSI  driver  software. 

One  user  likes  the  5420  because  it  sup¬ 
ports  many  of  the  same  features  his 
Catalyst  6500  and  4000  routers  do. 

“We  already  have  Cisco  network  people 
on  staff,  and  it’s  our  expectation  that  we 
can  minimize  the  impact  on  the  support 
staff  by  using  features  we  are  already 
familiar  with”  says  Hossein  Shahrokhi, 
executive  director  of  IT  for  the  University 
of  Houston-Downtown. 

“Our  strategy  is  to  move  a  majority  of 


our  servers  to  a  storage-area  network  envi¬ 
ronment,"  he  says.“We  had  two  choices  — 
traditional  SAN  or  IP  SAN.  Given  that  we 
had  invested  significant  dollars  in  net¬ 
working  with  Cisco  primarily,  we  chose 
[the  SN  5420].” 

The  SN  5420  supports  the  VLAN 
Trunking  Protocol,  Remote  Authentication 
Dial-ln  User  Service  (RADIUS)  or 
TACACS+  authentication,  Fibre  Channel 
and  iSCSI  MIBs,  and  Cisco’s  own  Cisco 
Discovery  Protocol  (CDP). 

With  VLAN  support,  servers  connected  to 
the  router  can  share  the  storage  network 
but  only  have  access  to  specific  devices, 
eliminating  the  need  to  build  separate  net¬ 
works  for  different  departments. The  VI AN 

See  Cisco,  page  22 
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The  wireless  LAN  community  has 
been  remarkably  well-mannered  — 
at  least  from  an  analyst’s  perspective. 
Historically,  it  has  been  free  of  the  tech- 
no-infighting  that  has  caused  other  tech¬ 
nologies  to  languish  or  to  burn  precious 
resources  in  advancing  a  personal  cause. 
But  all  that  might  soon  change. 

As  the  wireless  industry  attempts  to 
move  beyond  its  initial  11M  bit/sec  stan¬ 
dard  offering,  there  appears  to  be  no  clear 
consensus  on  which  technology  will  rep¬ 
resent  the  future  of  high-speed  wireless 
LANs. 

While  the  wireless  marketers  have  done 
their  utmost  to  establish  Wi-Fi  as  the  stan¬ 
dard  nomenclature  for  wireless  —  just 
as  we  say  Ethernet  rather  than  802.3  — 


Wireless  civility  -  about  to  break  down? 


they  have  only  been  minimally  success¬ 
ful.  The  basic  technology  is  defined  by 
the  IEEE  802.11b  standards  group  — 
thus, “dot  1 1  b”  is  what  you’ll  typically  hear 
when  industry  analysts  want  to  get  spe¬ 
cific  and  let  you  know  that  they  are  talk¬ 
ing  about  campus  wireless  rather  than, 
say,  3G  cellular. 

Alphabet  soup 

Appropriately  enough,  it  is  this  alphabet 
soup  around  which  the  future  of  campus 
wireless  depends.  In  a  nutshell  —  it  all 
started  with  “b”  offering  1 1 M  bit/sec  trans¬ 
mission  speeds  using  2.4-GHz  radios. That 
was  first  to  market.To  begin  the  confusion, 
gear  based  on  the  “a”  standard  came  out 
some  years  later.  This  standard  defines 
communications  speeds  of  up  to  54M 
bit/sec  and  uses  a  radio  in  the  5-GHz 
range  —  nice  but  incompatible  with  “b” 
gear. 

Then,  last  fall,  the  IEEE  approved  work 
on  a  version  of  the  2.4-GHz  technology 
that  could  run  at  the  higher  rates  of“a"but 
would  be  compatible  with  “b.”  Got  it? 


(Hmmm  “b,”  “a,”  “g”  —  it’s  like  a  Ouija 
board  spelling  out  the  word  “baggage.”) 

Alphabet  soup  aside,  it  would  seem  that 
we  are  on  the  verge  of  a  battle  royale  the 
likes  of  which  we  haven’t  seen  since  the 
“Fast  Ethernet  vs.  lOOVG-AnyLAN”  war  of 
the  last  decade. 

The  parallels  are  frightening.Years  back, 
traditional  10M  bit/sec  Ethernet  (“b”  in 
our  story)  was  viewed  to  be  at  the  end  of 
its  useful  life  span.  The  “architecture”  had 
reached  its  limits  (or  so  it  was  thought). 

Industry  experts  offered  up  a  new, 
incompatible  technology  lOOVG-AnyLAN, 
as  the  future  of  wired  Ethernet.  In  our 
story,  this  is  the  “dot  a”  technology. 

Before  that  technology  could  take  hold, 
proponents  of  the  traditional  Ethernet 
standard  came  back  with  a  statement  say¬ 
ing,  in  essence, “we  are  not  dead  yet”  and 
proposed  Fast  Ethernet  based  largely  on 
the  10M  bit/sec  standard.  That  would  be 
the  still-in-design  “dot  g”  follow-on  2.4-GHz 
technology 

Like  then,  you  really  can’t  have  it  both 
ways.  As  much  as  the  wireless  vendors 


would  like  the  world  to  believe  that  they 
are  of  one  mind,  they  aren’t.  And, once  you 
work  your  way  through  the  details,  the 
higher-level  issues  become  clear. 

What  isn’t  clear,  though,  is  which  camp 
will  prevail.  It  would  be  overly  simplistic 
to  think  that  history  will  just  repeat  it¬ 
self.  While  similar,  the  situations  aren’t 
identical. 

The  2.4-GHz  solutions  are  forever  con¬ 
demned  to  share  that  bandwidth  with 
Bluetooth  devices  and  wireless  digital 
phones.  And,  to  date, “dot  g”  is  only  a  solu¬ 
tion  on  paper  —  products  are  perhaps 
nine  months  to  a  year  away 

To  their  credit,  “big  guys”  such  as  Cisco 
have  remained  agnostic.  Ironically,  that 
might  not  help  matters  as,  in  the  absence 
of  a  clear  direction,  the  wireless  LAN  mar¬ 
ket  might  become  a  rudderless  ship. 

Tolly  is  president  of  The  Tolly  Group,  a 
strategic  consulting  and  independent  test¬ 
ing  company  in  Manasquan,N.J.  He  can  be 
reached  at  ktolly@tolly.com  or  www 
.  tolly,  com. 
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voice  systems,  ranging  from  3  to 
25  years  old,  according  to 
Dianne  Bergen,  Advocate’s  tele¬ 
communications  manager. 

“We  had  just  about  one  of 
everything  you  could  buy  on  the 
market,”  Bergen  says.  The  result 
was  a  patchwork  phone  system 
that  was  not  easily  managed  and 
was  expensive  to  tie  together. 

“It  was  difficult  trying  to  pre¬ 
sent  our  voice  systems  as  a 
seamless  image  to  patients  and 
physicians  and  associates,” 
Bergen  says. “We  had  a  very  dif¬ 
ficult  time  doing  just  simple 
processing  from  site  to  site,  let 
alone  full  integration.” 

When  looking  to  upgrade  two 
years  ago,  Advocate  tested  prod¬ 
ucts  from  seven  different  ven¬ 
dors,  including  Avaya,  Nortel, 
Siemens  and  Cisco.  Bergen  says 
she  found  that  most  systems 
required  that  IP  be  deployed 
from  the  phone  switch  to  the 
desktop,  or  the  systems  were  just 
PBXs  with  IP  mixed  in  and  would 
be  tough  to  migrate  to  all  IP  in 
the  future,  Bergen  says. 

“The  Alcatel  platform  allows  us 
to  migrate  to  IP  over  time,” 
Bergen  says.“We  can  use  analog, 
digital  or  IP  where  we  see  a  best 
fit  for  each  and  where  we  get  the 
best  return  on  investment.”  Plus, 
she  adds,  “we  were  not  quite 
ready  for  a  whole  IP  voice  world 
in  one  shot." 

Alcatel  digital  and  analog  hand¬ 
sets  will  be  deployed  along  with 
OmniPCXs  in  Advocate’s  major 


hospitals  this  year  in  areas  such  as 
emergency  operating  and  recov¬ 
ery  rooms,  where  Bergen  says  she 
does  not  want  to  run  into  any  reli¬ 
ability  or  quality  issues.  However, 
IP  phones  and  Alcatel  remote- 

fcfc  The  Alcatel  plat¬ 
form  allows  us  to 
migrate  to  IP  over 
time. ...  We  were  not 
quite  ready  for  a 
whole  IP  voice  world 
in  one  shot  99 

Dianne  Bergen 

Telecommunications  manager, 
Advocate  Health  Care 


office  systems  will  be  deployed  in 
several  of  the  65  clinics,  satellite 
offices  and  other  sites  throughout 
the  Chicago  area.  Sites  with  just  a 
few  dozen  people  will  receive  IP 
phones  that  will  tie  back  to  the 
redundant  OmniPCX4400s  in  one 
of  the  three  major  hospitals. 

In  addition  to  providing  the  sin¬ 
gle  phone  system  Advocate 
sought,  Bergen  says,  the  telecom 
staff  will  save  hundreds  of  work¬ 
ing  hours  per  year  with  the  sys¬ 
tem’s  single  management  system 
for  adds,  moves  and  changes,  as 
opposed  to  running  around  from 
site  to  site,  changing  users  on 
dozens  of  disparate  PBXs  and 
key  systems.  The  telecom  staff 
also  can  monitor  overall  system 


performance  and  do  call  report¬ 
ing  for  the  first  time,  she  says. 

The  Advocate  network  last  year 
underwent  a  $14  million  LAN 
and  WAN  upgrade  —  Cisco 
Catalyst  6509  switches  were  in¬ 
stalled  along  with  a  fiber  in  the 
LAN  cores  of  its  major  hospitals. 
Catalyst  8400  WAN  switches  con¬ 
nect  the  hospitals  over  DS3  lines, 
which  connect  into  a  metropoli¬ 
tan-area  fiber  ring,  operated  by 
Sawis  Communications.  Cisco 
3000  routers  connect  smaller 
clinics  and  administration  build¬ 
ings  over  the  network  via  T-l 
lines. 

IP  will  be  a  big  factor  in  con¬ 
necting  OmniPCXs  together  at 
each  site,  says  Dan  Weegar,  IS 
director  at  Advocate.The  IP  PBXs 
will  be  trunked  over  the  hospi¬ 
tal’s  metropolitan-area  network, 
eliminating  the  $2,000-per-month 
charge  for  dual  T-l  voice  tie  lines 
connecting  each  site  and  provid¬ 
ing  up  to  half  (or  25M  bit/sec)  of 
bandwidth  vs.  the  1.5M  bit/sec 
on  the  T-l  lines. 

“With  IRwe  can  have  as  many 
number  of  IP  trunks  connecting 
the  PCX,”  as  opposed  to  the  dual 
T-ls  the  company  uses  now  to  tie 
its  PBXs  together,  Weegar  says. 
“They’ll  get  on  that  [DS3]  high¬ 
way  and  just  drive.” 

OmniPCX  will  let  the  hospital 
integrate  voice  into  its  plan  for  a 
centralized  employee  directory 
based  on  Lightweight  Directory 
Access  Protocol  (LDAP),  which  it 
uses  to  run  its  Sun  iPlanet  e-mail 
system. 

“Because  we  have  such  an 
extensive  network  [of  employ¬ 


ees]  ,  directories  become  out  of 
date,”  such  as  the  company’s 
employee  Web  directory,  Weegar 
says.  “With  LDAP  integration,  if 
telecom  makes  a  change,  that 
will  automatically  update  every 
director/’  Weegar  says  the  key¬ 
pads  and  text  displays  on  the  IP 
and  digital  Alcatel  phones  will 
let  end  users  look  up  directory 
names  from  a  phone. 

Advocate  also  will  deploy 
Alcatel’s  OmniTouch  IP  contact 


Cisco 
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Trunking  Protocol  automatically 
distributes  configuration  changes 
to  other  switches  and  routers  on 
the  network,  eliminating  manual 
entry 

The  RADIUS  and  the  Terminal 
Access  Controller  Access  Control 
System,  which  control  access  to 
the  storage  network,  both  use  the 
Challenge  Handshake  Authen¬ 
tication  Protocol  (CHAP).  CHAP 
consults  with  RADIUS  or 
TACACS+  to  validate  passwords. 
CDPa  media-  and  transport-inde¬ 
pendent  protocol,  is  used  on  all 
Cisco  routers,  switches  and 
bridges  and  lets  other  devices 
and  applications  discover  and 
view  Cisco  devices  via  SNMP 

In  addition  to  SNMP  manage¬ 
ment,  the  SN  5420  also  supports 
CiscoWorks  2000, Cisco’s  Network 
Management  product  suite. 

“The  approach  is  that  storage 
networking  just  becomes  part  of 
the  larger  network,"  Shahrokhi 
says.  “Storage  is  just  a  very  spe- 


center  application  in  its  two  cus¬ 
tomer  service  call  centers. 
OmniTouch  IP  call  center  soft¬ 
ware  will  give  Advocate  better 
integration  with  its  customer  ser¬ 
vice  Web  site,  Weegar  says,  and 
will  free  up  constraints  on  where 
call  center  workers  are  located. 

“The  fact  that  it  will  be  virtual 
lets  us  have  agents  working  at  the 
[call]  center,  from  a  remote 
office  or  even  telecommuting,” 
Weegar  says.  ■ 


cialized  subset  of  that.” 

At  present, only  Nishan  Systems 
offers  an  IP  storage  switch  —  the 
company’s  IPS  3000  and  4000 
switches  are  multiprotocol 
switches  with  iSCSI  and  Fibre 
Channel-over-IP  capability.  They 
have  eight  and  16  ports,  respec¬ 
tively,  compared  with  Cisco’s  one 
Fibre  Channel  and  one  Gigabit 
Ethernet  port. 

The  SN  5420  starts  at  $27,000 
and  is  available  now. 

Cisco:  www.cisco.com 
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Get  the  scoop  on  today’s  hot  storage  topic 
—  virtualization. 
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Our  Complete  Site  Management  Services  Mean  Better  Service  And  Lower  Costs. 
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Vendors  bolster  portal  intelligence 


■  Sonic  Foundry  last  week  unveiled 
its  media  management  software  suite, 
offering  to  help  companies  archive, 
organize  and  search  their  digital 
media  assets  and  publish  them  on  the 
Web.  With  MediaSite  Publisher  5.0, 
companies  can  use  their  video,  audio 
and  text  content  to  create  online  ref¬ 
erence  libraries,  marketing  and  train¬ 
ing  tools,  and  other  applications.  In 
addition  to  video  cataloging,  indexing 
and  publishing,  users  can  export  and 
import  textual  information,  such  as 
e-mail  and  notes,  into  a  data  index  to 
supplement  video  descriptions.  The 
XML  export  function  lets  other  search 
engines  reuse  the  media  data.  Pricing 
for  MediaSite  Publisher  Version  5.0 
starts  at  $25,000.  A  workstation  and 
server  for  publishing  to  the  Web  costs 
from  $50,000  to  $75,000,  the  company 
says.  The  products  are  available  now. 
www.sonicfoundry.com 

■  In  its  effort  to  beef  up  the  security 
of  its  software,  Microsoft  last  week 
made  available  a  free  tool  designed  to 
search  out  security  vulnerabilities  hid¬ 
ing  in  Windows-based  computers. 
Called  Microsoft  Baseline  Secu¬ 
rity  Analyzer,  the  tool  is  intended  to 
provide  users  with  an  easy  way  to 
check  their  systems  for  common 
problems  that  arise  when  computers 
are  configured  incorrectly.  After  scan¬ 
ning  a  system  with  the  tool,  users 
receive  a  security  report  card  that 
lists  all  the  holes  and  vulnerabilities 
found.  MBSA  does  not  download  and 
install  fixes  but  provides  instructions 
on  how  to  do  so.  The  2.5M-byte  tool 
can  be  downloaded  from  Microsoft's 
developer  Web  site  at  www.microsoft 
.com/technet/security/tools/Tools/mb 
sahome.asp.  It  can  be  installed  on 
Windows  2000  desktop  and  server 
operating  systems  and  the  Home  and 
Professional  Editions  of  Windows  XP. 
Users  also  must  have  Version  5.1  or 
higher  of  Internet  Explorer.  MBSA 
also  can  be  used  to  scan  for  security 
holes  on  Windows  NT  4.0, 2000  and 
XP;  Internet  Information  Server  4.0 
and  5.0;  SQL  Server  7.0  and  2000, 
Internet  Explorer  5.01  and  later;  and 
Office  2000  and  XP. 


■  BY  JENNIFER  MEARS 

The  commonwealth  of  Massachusetts 
was  tired  of  its  static  government-agency 
Web  pages.  It  wanted  to  provide  an  inter¬ 
active  portal  that  would  make  it  easier  for 
government  employees,  state  residents 
and  tourists  to  get  the  information  they 
needed. 

So  it  decided  to  use  portal  software  from 
Epicentric  as  the  framework  for  its 
statewide  initiative.  It  also  integrated  a 
content  management  system  from  Inter¬ 
woven  into  the  portal, giving  nontechnical 
officials  the  ability  to  update  content  as 
necessary 

“We  wanted  to  establish  an  enter¬ 
prisewide  government  portal,  but  we  also 
wanted  to  ensure  that  it  wasn’t  just  a  small 
subset  of  people  updating  information,” 
says  Bob  Nevins,  director  of  Mass.gov.  “In 
the  past  we  had  one  or  two  Web  develop¬ 
ers  within  each  agency  and  they  had  to 
send  files  to  the  IT  division  to  get  them 
posted. . .  .What  this  content  management 
software  will  do  is  get  us  out  of  the  busi¬ 
ness  of  being  the  middleman.” 

The  trend  of  combining  portals  with 
content  management  systems  is  growing 


among  businesses  as  they  recognize  that 
the  value  of  portals  lies  beyond  being  sim¬ 
ply  static  interfaces  to  a  range  of  informa¬ 
tion.  Portals  are  maturing  into  dynamic, 
interactive  entryways  to  the  content, 
applications  and  resources  that  keep  busi¬ 
nesses  running. 

As  a  result,  businesses  find  that  they 
need  a  streamlined  way  to  manage  the 
masses  of  content  that  they’d  like  to 
include  within  the  portal.  In  addition,  the 
content  needs  to  be  categorized  so  that  it 
is  searchable  from  within  the  portal. 
Content  management  systems  provide 
both  of  those  functions. 

Many  portals  offer  some  level  of  content 
management  capabilities,  analysts  say. 
Epicentric  and  Plumtree  include  content 
repositories  that  let  users  manage  content 
created  within  the  portal.  Plumtree  recent¬ 
ly  announced  the  release  of  Collaboration 
Server,  which  builds  on  technology  the 
company  acquired  from  content  manage¬ 
ment  software  maker  Hablador  to  give  por¬ 
tal  users  additional  features  such  as  work- 
flow  to  manage  the  creation  of  content. 

Glenn  Kelman,a  Plumtree  vice  president, 
says  businesses  can  expect  Plumtree  to 
continue  to  incorporate  Hablador  technol- 


Portals  and  content 

Here  are  some  issues  to  consider 
before  integrating  a  content  manage¬ 
ment  system  with  your  portal: 

•  Where  is  content  coming  from? 

If  you  plan  to  use  content  within  the  portal 
framework,  the  content  management 
capabilities  within  the  portal  may  suffice. 
If  you  bring  in  content  from  a  variety  of 
sources,  an  integrated  content  manage¬ 
ment  system  will  make  life  easier. 

•  Who’s  contributing  content? 

A  content  management  system  will  make 
it  possible  to  lift  the  responsibility  of 
creating  and  updating  content  off  your 
Web  development  team  and  put  it  into 
the  hands  of  business  users. 

•  What  are  you  doing  with  the  content? 

If  you  want  portal  users  to  be  able  to 
search  content  across  back-end  business 
resources,  a  content  management  system 
is  your  best  bet. 

ogy  into  its  product  and  roll  out  increas¬ 
ingly  sophisticated  content  management 
capabilities  by  year-end. 

See  Portals,  page  28 


Tivoli  to  improve  business  mgmt.  wares 

Management  software  helps  users  operate  more  efficiently. 


■  BY  DENISE  DUBIE 

AUSTIN, TEXAS  — Tivoli  Software  last  week  unveiled  a  revamped 
product  portfolio  that  the  company  says  will  help  its  customers 
more  closely  tie  IT  and  business  management  together. 

Tivoli  is  introducing  products  that  will  help  users  manage  tar¬ 
geted  aspects  of  their  business,  rather  than  specific  components 
such  as  routers  or  servers. 

One  new  software  offering,  IBM  Tivoli  Service  Level  Advisor,  will 
let  customers  track  how  well  a  service  is  delivered  to  end  users 
by  monitoring  all  the  components  comprising  the  applica¬ 
tion,  the  company  says.  Service  Level  Advisor  runs  on 
AIX,  Solaris,  Linux  and  Windows  2000  and  NT  servers, 
and  uses  Tivoli  —  and/or  a  third-party  vendor  — 
agents  distributed  throughout  a  customer’s  net¬ 
work  to  watch  a  process  from  user  request  to  ser¬ 
vice  delivery. 

The  software  pulls  agent  data  to  a  central  man¬ 
agement  console,  such  as  Tivoli  Enterprise  Console 
(TEC),  where  customers  can  track  the 
response  times  of  IBM  databases,  Web  and 
application  servers,  and  third-party  devices 
tied  to  the  service. TEC  also  got  an  overhaul 
with  this  release. The  network  management 


console  software  now  integrates  with  Tivoli’s  NetView  mainframe 
monitoring  software,  making  it  possible  for  users  to  manage  their 
legacy  mainframe  networks  alongside  their  distributed  networks. 

Beta  user  David  Hamilton  says  the  real  value  Tivoli  offers  is  in 
defining  the  processes  to  be  monitored.  As  director  for  telecom¬ 
munications  and  technical  services  for  Sutter  Health  in 
Sacramento,  Calif.,  he  says  helping  the  patient  care  professionals 
in  the  nonprofit  organization  define  how  they  need  the  network 
to  respond  makes  his  job  easier. 

“With  Service  Level  Advisor,  I  have  been  able  to  create  service 
levels  specific  to  specific  parts  of  Sutter’s  business,” 
Hamilton  says. “It’s  hard  to  tell  a  nurse  or  a  doctor  that 
despite  the  problems  they  may  have  had,  the  server 
was  available  for  99%  of  the  time. That  kind  of  infor¬ 
mation  doesn’t  matter  to  them.” 

Up  and  running  within  a  day  for  Hamilton, 
Service  Level  Advisor  collects  data  from  every  mon¬ 
itored  device  and  brings  it  back  to  a  central  console 
to  show  him  how  network  components  are  perform¬ 
ing.  Hamilton  says  he’s  working  with  Tivoli  to 
make  the  software  integrate  with  more  third- 
party  tools.“Out  of  the  gate.it  manages  other 
Tivoli  products,  but  I’d  like  to  be  able  to 

See  Tivoli,  page  30 
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Vice  President  of  Information  Services,  KinderCare  Learning  Centers 


We  don't  consider  HP  a  vendor,  we  consider  them 
a  partner.  They  know  where  we've  been— but 
more  important,  they  know  where  we're  going" ^ 
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children.  So  you'd  rather  not  spend  your  time  with  a  demanding  infrastructure.  And  while  this  is  true  in 

many  businesses,  it  rings  no  more  true  than  at  KinderCare  — because 
their  business  actually  is  children. 

So  when  it  came  time  to  relocate  their  headquarters,  KinderCare 
turned  to  a  partner  they  grew  up  with:  HP.  Already  working  in  an  HP 
environment,  KinderCare  systems  administrators  took  this  opportunity 
to  reevaluate  their  needs. 

With  over  1,100  locations  — and  growing  — they  needed  a 
scalable  solution  that  could  handle  more  than  the  current  300  users  at 
a  time.  After  all,  how  could  employees  provide  the  instant  gratification 
that  kids  desire  if  they  couldn't  get  it  themselves?  Updated  HP  servers 
and  HP  Critical  Systems  Support  did  the  trick. 

Now,  updates  that  used  to  take  hours  take  place  in  only  12 
minutes.  Which  means  KinderCare  employees  can  devote  even  more 
of  their  efforts  to  what  they  do  best:  teaching  and  caring  for  children. 

HP  infrastructure  solutions  are  engineered  for  the  real  world  of 
business.  Because  the  last  time  we  checked,  that's  where  we  all  work. 
Call  1.800.  H  PAS  KM  E,  ext.  246.  Or  visit  www.hp.com/go/infrastructure. 

Infrastructure:  it  starts  with  you. 
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Iroove  software  targets  enterprise  needs 


Control  factor 

Control  is  the  name  of  the  game  with  the  release  of  Groove 
2.0.  Key  to  this  control  is  Groove’s  Management  Server  and 
console,  which  support  these  features: 


Server  lets  administrators  provide  licenses  to  all  peer  members  and  lets  administrators 
track  current  domain  members  and  remove  individuals  from  the  management  domain. 


■  BY  JOHN  FONTANA 

BEVERLY,  MASS.  —  Groove  Net¬ 
works  this  week  will  make  its 
largest  commitment  yet  to  adapt¬ 
ing  its  collaboration  software  to 
satisfy  the  requirements  of  large 
companies. 

With  the  release  of  Groove  2.0, 
the  company  is  adding  three 
enterprise  servers  that  let  IT  exec¬ 
utives  manage  accounts  and  user 
identities,  control  the  quality  of 
service  (QoS)  of  Grooves  collab¬ 
oration  environment  and  inte¬ 
grate  enterprise  systems  into 
Groove’s  concept  of  a  virtual 
shared  space. 

Control  is  what  enterprise  users 
have  demanded  since  Groove 
debuted  its  peer-to-peer  client 
and  development  environment 
to  great  fanfare  nearly  three  years 
ago. 

“They  are  taking  a  strong  and 
elegant  technology  and  tailoring 
it  to  the  practical  needs  of  the 
enterprise,”  says  Dana  Gardner,  an 
analyst  with  Aberdeen  Group. 
“The  problem  was  relating  the 
technology  to  what  companies 
wanted  [peer-to-peer]  may  be  the 
technology,  but  companies  still 


want  some  degree  of  control.” 

Groove  officials  say  2.0  gives  it 
to  them. 

Version  2.0’s  Management  Ser¬ 
ver  lets  user  identities  be  man¬ 
aged  through  any  Lightweight 
Directory  Access  Protocol-com¬ 
pliant  directory  and  allows  for  the 
creation  of  trusted  domains  of 
users  and  central  control  of  use 


policies  for  components  within 
Groove. 

The  server  also  supports  reports 
that  give  a  snapshot  of  Groove 
usage  within  a  company 

Groove  also  has  built  in  its  first 
data  recovery  feature,  letting  IT 
executives  set  a  hidden  password 
on  accounts  so  data  can  be 
recovered  from  the  Groove  client 


of  a  departed  employee. 

Relay  Server,  a  sort  of  store-and- 
forward  router  that  encrypts  data, 
lets  administrators  control  client 
traffic  and  storage  limits,  and  adds 
a  QoS  element  to  the  Groove  en¬ 
vironment.  Relay  Server  is  needed 
for  Groove  deployments  on  a 
WAN  over  a  firewall  and  for  offline 
use  of  Groove  on  the  LAN. 

In  the  past,  Management 
Server  and  Relay  Server  were 
only  available  as  a  hosted  ser¬ 
vice  through  Groove,  an  option 
that  is  still  available. 

“We  have  seen  that  IT  wants  to 
control  the  deployment  and  man¬ 
agement  of  Groove  within  the 
enterprise  just  like  with  any  soft¬ 
ware,”  says  Richard  Eckel,  a  vice 
president  with  Groove. 

The  third  and  brand-new  piece 
is  Enterprise  Integration  Server, 
which  provides  a  framework  to 
create  server-based  connectors, 
called  Bots.to  enterprise  systems. 
Bots  let  systems  such  as  knowl¬ 
edge  management  and  enter¬ 
prise  resource  planning  (ERP) 
act  as  a  peer  in  the  Groove  col¬ 
laboration  environment.  For  ex¬ 
ample,  they  can  send  notifica¬ 
tions  when  events  are  triggered  in 


an  ERP  system. 

Groove  also  added  a  perfor¬ 
mance  feature  called  Binary  Diff, 
which  lets  the  Groove  client  pass 
in  real-time  only  the  data  that  has 
been  updated  in  a  document. 

In  addition.  Groove  has  added 
a  set  of  utilities  including  inte¬ 
gration  with  Microsoft’s  Outlook 
so  e-mail  threads  can  be  added 
into  a  Groove  shared  space,  an 
Update  tool  that  lets  documents 
be  shared  in  real-time  and  a  pro¬ 
ject  management  tool.  Groove 
also  has  integrated  its  develop¬ 
ment  environment  with  Micro¬ 
soft’s  Visual  Studio.Net, which  lets 
developers  create  .Net  applica¬ 
tions  that  use  the  synchroniza¬ 
tion  and  security  features  of 
Groove. 

The  Groove  standard  client  is 
priced  at  $50  and  the  Pro¬ 
fessional  version  at  $100.  Man¬ 
agement  Server,  which  runs  on 
Windows  2000  and  SQL  Server 
2000,  is  $20,000.  Relay  Server  and 
Integration  Server  are  each 
priced  at  $10,000  and  run  on 
Windows  2000.  All  are  available 
now. 

Groove:  www.groovenetworks 
.com 


Portals 

continued  from  page  25 

Kelman  agrees  with  executives  from 
other  portal  vendors  who  stress  that  part¬ 
nerships  with  content  management 
companies  will  continue  to  be  impor¬ 
tant  because  businesses  often  need  con¬ 
tent  management  for  more  than  just  the 
portal. 

“The  way  we  view  it  is  if  a  company 
wants  content  management  for  all  of  its 
back-end  systems,  Plumtree  isn’t  going  to 
be  the  best  solution  for  them.They  should 
use  one  of  our  partners,”  Kelman  says. 

Plumtree  partners  with  content  manage¬ 
ment  software  vendors  such  as 
Interwoven,  Documentum  and  Stellent, 
providing  out-of-the-box  integration  with 
those  content  management  systems. 
Epicentric  also  partners  with  a  range  of 
content  management  vendors. 

“Our  customers  have  content  manage¬ 
ment  capabilities  [with  the  portal], but  we 
often  find  that  they  have  several  different 
content  management  systems  and  they 
want  to  use  the  portal  to  bridge  across 
those,” says  Ed  Anuff,  co-founder  and  chief 
strategy  officer  at  Epicentric.  “So  within 
the  portal  you  might  be  seeing  content 
that  comes  from  both  a  Documentum 
and  an  Interwoven,  as  well  as  content 
management  from  Stellent,  and  also  utiliz¬ 
ing  content  from  Epicentric’s  internal  con¬ 


tent  management  systems,  all  side  by  side 
published  within  the  portal.” 

CoreChange  recently  announced  that  its 
portal  product,  CorePort,  would  integrate 
with  Microsoft’s  Content  Management 
Server.  “We  see  content  management  as 
one  of  the  single  biggest  challenges  fac¬ 
ing  our  customers,”  says  Sarah  Bassett, 
director  of  product  marketing  at 
CoreChange.  “When  you  bring  together 
the  portal  and  content  management,  what 
you  get  is  control  over  how  information  is 
presented  and  you  enable  business  users 
to  create  and  publish  their  own  content.” 

In  many  cases,  businesses  are  using  the 
portal  to  streamline  multiple  company 
intranets,  and  using  a  content  manage¬ 
ment  system  makes  it  easier  to  maintain  a 
consistent  look  and  feel  as  disparate 
deployments  are  unified,  analysts  say. 

“A  lot  of  people  start  with  a  portal  and 
need  to  consolidate  150  intranet  sites,” 
says  Rob  Perry,  an  analyst  with  The  Yankee 
Group.  “You  realize  that  to  really  connect 
those  together,  you’ve  got  to  have  consis¬ 
tency  about  how  content  is  tagged  and 
managed.  It’s  just  a  natural  evolution  of 
these  things  [portals  and  content  man¬ 
agement]  coming  together.” 

American  Electric  Power  (AEP)  in  Ohio 
turned  to  CoreChange  to  help  unify 
dozens  of  its  disparate  intranet  Web  sites 
into  one  portal  for  its  23,000  employees. 
William  Amurgis,  principal  Web  consul¬ 


tant  at  AEP  says  the  company  is  using  a 
homegrown  content  management  sys¬ 
tem. 

“But  in  all  likelihood  we  will  pursue  a 
content  management  system  because  we 
know  it  has  value,  especially  for  our  exter¬ 
nally  facing  portal. And  as  people  get  used 
to  using  the  homegrown  content  manage¬ 
ment  system,  they  will  start  to  outgrow 
that,”  Amurgis  says. 

One  drawback  about  content  manage 

II  This  content  manage¬ 
ment  software  will  get  us 
out  of  the  business  of  being 
the  middleman.  9  9 

Bob  Nevins 

director,  Mass.gov 

ment  systems,  Amurgis  says,  is  that  they 
can  be  costly  and  complicated  to  deploy. 
Content  management  vendors  are 
addressing  that.  FatWire  earlier  this  year 
announced  a  low-cost,  lightweight  version 
of  its  Java-based  content  management 
system  specifically  for  portals. 

FatWire’s  Spark  portal  Content  Manage¬ 
ment  (pCM)  includes  basic  department- 
level  content  management  functions  but 


can  be  easily  upgraded  to  full  enter¬ 
prisewide  capabilities.  Spark  pCM  is 
designed  to  work  with  BEA  Systems’ 
WebLogic  portal,  but  later  releases  will 
support  integration  with  portals  from  ven¬ 
dors  such  as  IBM,  Oracle  and  Sun. 

In  February,  Documentum  unveiled  its 
Portal  Integration  Pack  to  enable  the  fast, 
easy  integration  of  its  content  manage¬ 
ment  features  with  enterprise  portals 
such  as  Plumtree  and  Epicentric. 
Interwoven  focuses  on  open  standards  to 
allow  for  easy  integration  of  its  capabili¬ 
ties  with  virtually  any  portal,  says  Mark 
Hale,  director  of  content  technology  at 
Interwoven. 

“There  is  a  tremendous  amount  of 
demand,  within  the  last  four  months, prob¬ 
ably  five-  to  tenfold  increase  just  based  on 
my  personal  experience  with  customers,” 
Hale  says.  ’lt’s  been  significant.” 

Hank  Barnes,  chief  strategy  officer  at 
software  maker  Divine,  says  businesses 
with  portal  deployments  will  find  that 
content  management  is  what  ultimately 
makes  their  portals  a  success. 

“We’ve  believed  for  a  long  time  that 
content  management  and  portals  are 
naturally  intertwined.  Content  is  what  dri¬ 
ves  portals,"  he  says.  “You  might  have  a 
number  of  different  portals  within  your 
business,  but  all  of  them  require  up-to- 
date,  relevant  content  or  else  people 
won’t  use  them."* 


of  separation  between  making  a  plan  and  m 


Is  your  infrastructure  ready 
for  Web  services?  How  long 
before  you  see  results?  Can 
.NET  connected  software  make 
a  difference?  This  quarter? 

Get  the  answers  before  the 
questions  start. 
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Do  you  tell  anyone  when  your  com¬ 
pany  gets  hacked?  According  to  a 
FBI-run  survey  released  April  7,  peo¬ 
ple  increasingly  answer  this  question  “no.” 
This  is  clearly  not  good  news  if  there  is 
any  benefit  to  prosecuting  hackers.  It  also 
is  not  good  for  many  other  reasons. 

The  FBI  survey  was  the  seventh  in  an 
annual  series  and  involved  503  U.S.  gov¬ 
ernment  agencies  and  companies,  includ¬ 
ing  universities  and  medical  and  financial 
institutions.  Most  readers  would  find  the 
results  discouraging.  Almost  all  —  90%  of 
the  survey  respondents  —  said  their  com¬ 
puters  had  been  attacked  within  the  past 
year,  but  only  34%  said  they  reported  the 


Your  confession  is  good  for  us 


attacks.  The  high  level  of  attacks  is  not 
unexpected  actually  —  I  suspect  that  the 
percentage  is  not  higher  only  because 
some  attacks  were  not  detected.  But  the 
low  level  of  reporting,  even  lower  than 
what  was  found  last  year,  is  not  good  for 
the  security  of  the  ’Net. 

Attacks  are  frequently  not  reported 
because  of  a  fear  of  bad  publicity  and,  I 
expect,  because  of  a  fear  of  potential  lia¬ 
bilities  if  information  about  third  parties, 
such  as  customers,  was  exposed. 

But  there  is  real  money  involved  here. 
The  half  of  the  survey  respondents  who 
were  willing  to  talk  about  their  losses  said 
they  lost  an  average  of  $1.8  million  each 
because  of  these  attacks.  This  is  a  signifi¬ 
cant  increase  from  last  year. 

The  lack  of  companies  reporting  attacks 
makes  it  harder  for  authorities  to  identify 
patterns  of  attacks  or  to  prosecute  the 
attackers.  It  also  makes  it  harder  for  ven¬ 
dors  to  know  what  security  vulnerabilities 
to  work  on  and  harder  for  groups  such  as 


CERT  (www.cert.org)  to  develop  advice  on 
network  designs  or  device  configuration  to 
minimize  the  vulnerability  to  attackers. 

Doing  security  correctly  can  be  hard. 
Consider,  for  example,  the  U.S.  Department 
of  the  Interior.  Many  of  its  computers  are 
still  disconnected  from  the  Internet  four 
months  after  a  judge  ordered  them  to  be 
disconnected  until  they  were  secure.  But 
trying  to  get  security  right  in  the  dark  is 
even  harder. 

The  victims  in  many  of  the  attacks  were 
organizations,  but  there  were  often  other 
victims  as  well.  Personnel  records  on 
employees  and  histories  of  customer 
interaction,  complete  with  credit  card 
information,  were  also  exposed. 

It  is  not  good  for  society  or  in  the  long¬ 
term  interests  of  an  organization  to  not 
report  attacks  on  organizational  re¬ 
sources.  But  it  should  be  cause  for  crimi¬ 
nal  liability  (such  as  jail  time)  to  fail  to 
report  to  authorities  cases  where  informa¬ 
tion  about  third  parties,  including  employ- 
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ees,  customers  and  others,  has  been 
exposed.  It  also  should  be  cause  for  crim¬ 
inal  liability  to  not  individually  inform  the 
people  whose  information  was  exposed 
about  the  incident  and  the  level  of  expo¬ 
sure.  I  need  to  know  if  some  hacker  got  my 
credit  card  number  because  some  vendor 
Web  site  was  poorly  configured  or  was 
using  buggy  software  and  the  operators 
were  slow  to  apply  security  updates. 

When  you  are  in  the  middle  of  an  inci¬ 
dent  it  seems  quite  reasonable  to  keep 
potentially  embarrassing  news  out  of  the 
press.  But  think  twice.  Be  sure  that  cover¬ 
ing  up  for  an  attacker,  whether  a  disgrun¬ 
tled  employee  or  industrial  spy,  is  really 
the  right  thing  to  do. 

Disclaimer:  Because  Harvard  never  does 
anything  embarrassing,  the  above  must  be 
my  own  exhortation. 

Bradner  is  a  consultant  with  Harvard 
University's  University  Information  System. 
He  can  be  reached  at  sob@sobco.com. 


Funk  readies  wireless  LAN  security  package 


■  BY  ELLEN  MESSMER 

CAMBRIDGE,  MASS.  —  Funk 
Software  this  week  will  unveil  Odyssey 
a  wireless  LAN  authentication  server 
that  can  be  used  with  a  variety  of  ven¬ 
dors’  802.11  wireless  products  to 
ensure  that  users  properly  authenti¬ 
cate  their  identities  before  being  grant¬ 
ed  access  to  network  services. 

Odyssey  Version  1.0,  which  costs 
$2,500,  is  a  package  that  includes 
client  authentication  software  for 
Windows-based  PCs  or  laptops  run¬ 
ning  XR  2000,  98  or  Millennium 
Edition, and  a  second  component,  the 
Odyssey  Server,  that  runs  on  Win  2000  or 

xp’ 

The  Odyssey  server,  typically  housed  on 
an  Ethernet  LAN,  compels  each  user  with 
a  wireless  device  to  prove  identity  through 
a  password  or  other  means  defined  by  the 
challenge-response  mechanism  in  the 
IEEE  security  standard  802. IX. 

"The  IEEE  802.  IX  standard  from  last 
spring  introduced  requirements  for  mutu¬ 
al  authentication  between  the  client  and 
server  for  802. 11  a,  b, and  g,”says  Joe  Ryan, 
vice  president  at  Funk. “The  wireless  LAN 
adapter  cards  out  there  had  to  be  updated 
for  it,  and  many  of  the  major  vendors  have 
now  done  that,  such  as  Avaya,  Cisco,  Agere 
and  3Com.” 

A  change  of  scenery 

Funk,  which  for  a  decade  has  marketed 
its  Steel-Belted  Radius  line  of  authentica¬ 
tion  servers  for  large  companies  and  ISPs, 
decided  the  time  was  ripe  to  introduce  its 
first  wireless  LAN  authentication  server 
aimed  at  small  to  midsize  organizations 
putting  in  wireless  LANs. 

Like  the  other  Funk  authentication 


i  ([Wireless  LANs]  are 
terrifying  because 
they  open  new  vulner¬ 
abilities  that  you  have 
to  address.  1 1 

Michael  Franklin 

Network  manager, 

Colby-Sawyer  College 

servers,  Odyssey  takes  advantage  of  the 
Remote  Authentication  Dial-ln  User 
Service  authentication  protocol  for  trans¬ 
ferring  authentication  requests  between 
other  back-end  servers,  such  as  those  used 
for  hardware-based  token  authentication, 
where  specialized  servers  perform  a  user 
look-up  and  approval  process  and  transfer 
the  authentication  information  back 
through  RADIUS. 

The  competition 

Funk’s  Odyssey  competes  against  Cisco’s 
Secure  Access  Control  Server,  except  that 
Cisco  supports  proprietary  extensions  to 
the  Extensible  Authentication  Protocol 
(Cisco  calls  it  Lightweight  EAP),  which 
results  in  the  Cisco  ACS  only  working  with 
the  Cisco  wireless  LAN  equipment. 

EAP  is  an  IETF  protocol  defined  in  RFC 
2284  that  defines  multiple  authentication 
methods  such  as  passwords,  tokens, 
Kerberos  and  digital  certifications.  Other 
wireless  LAN  vendors  also  have  variations 
on  EAP  Cognizant  of  that,  Funk  is  carving 
out  a  role  for  Odyssey  by  supporting 
authentication  in  a  range  of  vendor  wire¬ 


less  LANs  and  802.1 1  client  software. 

“To  begin  with,  Microsoft  only  sup¬ 
ports  802. IX  EAP  in  XP  and  you  have 
to  use  Microsoft  digital  certificates  for 
authentication,”  Ryan  says.  Some 
organizations  might  prefer  passwords 
to  certificates.  And  they  also  might 
want  to  extend  wireless  LAN  authen¬ 
tication  to  users  of  older  versions  of 
Windows  without  802.  IX  embedded 
in  the  software.  For  that  reason,  Funk 
is  offering  802. IX  client  software, 
which  doesn’t  require  certificates,  for 
XRWin  2000,  98,  Millennium  Edition, 
and  later  in  the  year,  CE. 

No  certificates 

“We  didn’t  want  to  go  the  certificate 
route,”  says  Michael  Franklin,  network 
manager  at  Colby-Sawyer  College  in  New 
London,  N.H.,  which  has  been  a  beta-ver- 


Tivoli 

continued  from  page  25 

leverage  all  my  tools,”  Hamilton  says. 

Other  product  announcements  from 
Tivoli  include  the  IBM  Tivoli  Enterprise 
Data  Warehouse,  a  DB2-based  data  reposi¬ 
tory  that  will  be  built  into  future  Tivoli  soft¬ 
ware  free  of  charge.The  idea  is  to  let  users 
aggregate  systems  and  performance  man¬ 
agement  information  from  disparate  sys¬ 
tems  in  one  location  and  use  that  infor¬ 
mation  to  measure  the  impact  of  prob¬ 
lems  on  specific  parts  of  the  business. 

“The  availability  of  a  management  met¬ 
rics  warehouse  is  what  makes  this  version 
a  major  step  forward,”  says  Jean-Pierre 
Garbani.an  analyst  with  Giga  Information 
Group. 

Tivoli  also  unveiled  its  Switch  Analyzer, 


sion  customer  for  Odyssey  for  use  with 
Enterasys  Networks  and  Cisco  wireless 
LANs  on  its  campus. 

“And  1  have  multiple  vendor  wireless 
LAN  access  points,  so  I  can’t  really  use  a 
proprietary  approach,”  he  adds. 

Passwords  grant  a  “reasonable  level  of 
security,”  says  Franklin,  noting  Colby- 
Sawyer  College  will  stick  with  one 
authentication  type  to  start.  Wireless 
LANs  are  “terrifying,”  Franklin  says, 
“because  they  open  new  vulnerabilities 
that  you  have  to  address,”  such  as  the 
prospect  of  intruders  joining  a  LAN  with¬ 
out  authorization  and  gaining  access  to 
the  internal  network  if  you  don’t  authen¬ 
ticate  them. 

Funk  is  expected  to  add  802.  IX  security 
authentication  support  to  its  Steel-Belted 
Radius  server  line  by  June. 

Funk:  www.funk.com 


network  management  software  that  per¬ 
forms  autodiscovery  of  Layer  2  switches. 

Competitors  such  as  Computer 
Associates,  Hewlett-Packard,  BMC  Soft¬ 
ware  and  Managed  Objects  all  focus  on 
business  process  management  over  tradi¬ 
tional  network  management,  analysts  say 
Tivoli  products  are  available  now 
through  IBM  Passport  Advantage  purchas¬ 
ing  model, and  Service  Level  Advisor  costs 
$450  per  processor  with  maintenance 
included  for  the  first  year. 

Tivoli:  www.tivoli.com 


Network 

Management 

Subscribe  to  our  free  newsletter. 
Doc  Finder  5434  www.nwfusion.com 


1°  of  separation  between  your  business  hat  a 


3 

P 


Will  Web  services  change  the 
way  you  do  business?  Will 
integrating  them  with  your 
infrastructure  mean  starting 
over?  Can  .NET  connected 
software  get  you  there  faster? 

Get  the  answers  before  the 
questions  start. 

microsoft.com/enterprise 
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Microsoft 


Lucent  introduces  intelligent  optical  networking  solutions.  Solutions 
that  can  simplify  network  deployment  and  accelerate  upgrades.  That 
can  slash  your  operating  and  capital  costs.  And  provide  for  new  high- 
margin  services.  Our  new  LambdaXtreme™  Transport  leads  the  industry 
with  the  lowest  cost  per  Gbps/km  in  its  class.  And  you  can  provision  a 
wavelength  in  just  two  steps  rather  than  180.  The  revolutionary 
LambdaUnite™  MultiService  Switch  manages  different  types  of  traffic 
with  huge  potential  savings  in  time,  space  and  fiber.  To  help  protect 
your  metro  investment,  there's  our  extensive  Metropolis®  product 
portfolio,  which  allows  easy  migration  to  data  and  wavelength  services. 
And  the  LambdaRouter™  All-Optical  Switch  speeds  bandwidth  on  demand 
while  reducing  provisioning  time  by  up  to  90%.  All  of  which  can  help 
you  get  the  most  out  of  your  network.  Visit  us  at  www.lucent.com. 


Faster. 

Simpler. 

Intelligent 


optical  networking. 
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■  Teleglobe  Communications  has 

expanded  the  reach  of  its  IP  VPN 
service  to  95  cities  in  33  countries. 
The  carrier  launched  its  IP  VPN  ser¬ 
vice  in  July.  The  service  runs  over 
Teleglobe's  global  IP  fiber-optic  net¬ 
work  that  uses  Multi-protocol  Label 
Switching  to  support  class-of-service 
traffic  prioritization. The  carrier  has 
deployed  Cisco  and  Juniper  Net¬ 
works  gear  at  the  edge  of  its  network 
with  Cisco  gear  at  its  core.  Tele¬ 
globe’s  IP  VPN  service  is  expected  to 
be  available  in  150  cities  by  year-end. 
www.teleglobe.com 

■  Broadband  service  provider  M- 
power  Communications  formally 
filed  for  Chapter  11  bankruptcy  pro¬ 
tection  last  week.  Last  month  M- 
power  reached  a  deal  with  its  debt 
holders  that  would  see  those  parties 
get  an  85%  stake  in  the  company  in 
return  for  supporting  a  Chapter  11 
reorganization.  M power  plans  to  con¬ 
tinue  providing  service  to  its  approxi¬ 
mately  120,000  customers  during  the 
bankruptcy  proceedings. 


Telecom  competition  lives 

Despite  bankruptcies,  industry  experts  say  other  CLECs  are  succeeding. 


■  BY  MICHAEL  MARTIN 

High-profile  metropolitan  Ethernet  pro¬ 
vider  Yipes  Communications  joined  a 
parade  of  competitive  local  exchange  car¬ 
riers  by  filing  for  bankruptcy  protection 
last  month.  Several  more  CLECs,  including 
XO  Communications,  are  teetering  on  the 
brink. 

So  it  comes  as  some  surprise  to  see  a  pair 
of  recent  analyst  reports  assert  that  com¬ 
petition  in  the  business  telecom  market  is 
not  only  alive  and  well,  but  also  growing. 

How  can  competition  be  thriving  when 
so  many  competitive  carriers  have  gone 
belly  up? 

The  demise  of  so  many  CLECs  has  a  lot 
to  do  with  the  success  of  the  remaining 
carriers,  say  the  authors  of  the  studies 
from  The  Eastern  Management  Group 
and  The  Yankee  Group. 

“There  were  too  many  providers  in  the 
market  before  and  now  that  there  are 
fewer,  the  remaining  ones  are  becoming 
more  stable,” says  Robert  Saunders,  an  ana¬ 
lyst  with  The  Eastern  Management  Group. 
Instead  of  competing  with  one  another,  as 
they  were  in  the  past,  the  CLECs  now  can 
focus  their  attention  on  competing  with 


Service  with  a  smile 


Customers  who  have  switched 
to  a  CLEC  are  generally  happier 
with  the  customer  service  of 
their  new  provider. 


Percent  of  midsize-business 
respondents: 


Don't  know 

- 2% 

- Less 

satisfied 

7% 

same  15% 


SOURCE: THE  YANKEE  GROUP 


the  regional  Bell  operating  companies. 

Three  of  the  more  stable  CLECs  remain¬ 
ing  are  Allegiance  Telecom,  Time  Warner 
Telecom  and  NuVox  Communications, 
Saunders  says. 

Allegiance  focuses  on  selling  voice  and 


data  services  to  small-  and  midsize-busi¬ 
ness  customers  in  36  metropolitan  mar¬ 
kets.  Time  Warner  Telecom  targets  larger 
customers  in  44  metropolitan  markets  with 
a  variety  of  broadband  and  optical  offer¬ 
ings.  NuVox  serves  up  voice  and  data  to  30 
markets  in  the  Midwest  and  Southeast. 

A  number  of  smaller,  regional  players  are 
also  having  a  great  deal  of  success,  he  says. 

Michael  Lauricella,  an  analyst  with  The 
Yankee  Group,  says  Conversent  Commun¬ 
ications,  a  facilities-based  CLEC  serving 
New  England,  is  another  provider  enjoying 
some  success  in  growing  its  business. 

Both  reports  rely  on  Federal  Communi¬ 
cations  Commission  statistics  to  back  their 
claims  of  growing  competition.The  key  sta¬ 
tistic  is  the  growth  in  switched  access  lines. 
In  June  2001,  CLECs  reported  having  17.3 
million  of  the  nation’s  192  million  switched 
access  lines  —  up  16%  from  14.9  million 
access  lines  at  the  end  of  2000. 

According  to  the  FCC,  telecom  compe¬ 
tition  is  highest  in:  New  York,  where 
CLECs  provide  20%  of  the  access  lines; 
Texas,  where  they  hold  12%;  Massachu¬ 
setts,  with  11%;  and  Pennsylvania,  with 
10%  penetration. 

See  CLECs,  page  34 


Mirror  Image  looking  to  push  apps 

■  BY  JENNIFER  MEARS 


■  Earlier  this  month  WorldCom 
inked  a  10-year  deal  with  the  De¬ 
partment  of  Defense  to  provide 

WAN  services  for  the  Defense  Re¬ 
search  and  Engineering  Network. 

The  network  supports  more  than 
6,000  Department  of  Defense  scien¬ 
tists  and  engineers  throughout  the 
U.S.The  deal  might  be  worth  as  much 
as  $450  million.  WorldCom  will  provide 
a  private,  high-speed  network  that  will 
support  ATM  and  IPv6. 

■  U.K.  satellite  communications  com¬ 
pany  Inmarsat  has  made  its  in-flight 
Internet  access  service  available  to 
the  corporate  jet  market  and  expects 
to  do  the  same  for  commercial  air¬ 
lines  by  year-end.  Inmarsat  will  first 
roll  out  its  Swift64  service  with  ISDN 
Internet  access,  which  it  expects  to 
be  fully  operational  on  corporate  air¬ 
crafts  within  a  few  months.  Servers 
for  e-mail  connections  will  be  placed 
onboard  aircrafts  and  users  can  con¬ 
nect  to  the  service  over  their  laptops 
using  an  Ethernet  LAN  connection. 


WOBURN,  MASS.  —  As  content  delivery 
networks  evolve  to  handle  more  than  just 
static  content,  the  latest  service  provider  to 
move  in  a  more  sophisticated  direction  is 
Mirror  Image  Internet,  which  is  latching  on 
to  the  Web  services  bandwagon. 

The  content  delivery  company  recently 
announced  plans  to  enhance  its  network 
of  content  access  points  (CAP)  to  support 
content  and  applications.  It’s  doing  so  by 
supporting  Microsoft’s  .Net  and  Sun’s  Java 
2  Platform  Enterprise  Edition  within  its 
CAP  servers.  This  will  let  customers  or 
Mirror  Image  centrally  manage  Web-based 
applications,  and  establish  support  for  Web 
services  standards  such  as  XML,  Simple 
Object  Access  Protocol,  Web  Services 
Delivery  Language  and  Universal  Descrip¬ 
tion,  Discovery  and  Integration. 

“We’re  driving  hard  now  to  push  into  the 
next  world  that’s  moving  beyond  display 


elements  into  application  delivery/’  says 
Bob  Hammond,  a  senior  vice  president  at 
Mirror  Image.  “We’re  going  to  the  applica¬ 
tion  layer  and  starting  to  provide  services 
so  that  applications  can  talk  with  applica¬ 
tions  on  the  Internet." 

However,  the  question  is  whether  Mirror 
Image  customers  will  take  to  the  idea.Sean 
Armstrong,  senior  Internet  manager  at 
Network  Intelligence,  formerly  Open- 
Systems,  is  intrigued  by  the  prospect  of 
using  Mirror  Image  to  deliver  applications. 
The  network  intelligence  software  maker 
uses  Mirror  Image  to  deliver  its  software 
downloads. 

“It  would  leverage  the  size  and  speed 
of  Mirror  Image’s  infrastructure  to  allevi¬ 
ate  the  load  balancing  and  single  point 
of  failure  concerns  I  have  with  our  cur¬ 
rent  Web  infrastructure,”  he  says. 

But  until  the  standards  for  Web  services 
become  better  defined,  Armstrong  says  he 
won’t  invest  the  time  and  resources  in  writ¬ 


ing  applications  designed  for  the  Web. 

“I  am  holding  off  until  all  of  the  details 
are  hashed  out,  the  language  is  available 
for  me  to  learn  and  it  has  been  proven  bul¬ 
letproof,”  he  says.  “A  Webmaster  releasing 
control  of  the  Web  server  to  an  outside  ser¬ 
vice  is  a  big  leap  of  faith  and  one  that  I’m 
not  ready  for  yet." 

Still,  analysts  predict  that  as  Web  services 

See  Mirror  Image,  page  34 
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See  where  content  delivery  networks  are  headed. 
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The  combined  market  share  of  the  top 
four  U.S.  providers  is  about  75%,  and 
of  these  leaders,  no  individual  share 
exceeds  the  mid  20s. 

To  minimize  roaming  costs,  providers  ex¬ 
panded  their  geographic  footprints  by  buy¬ 
ing  or  swapping  spectrum,  or  through  alli¬ 
ances.  Until  recently  roaming  was  primarily 
on  analog  service.  But,  high-speed  data 
must  remain  on  a  compatible  digital  infra¬ 
structure;  it  cannot  be  supported  by  analog 
or  2G  data  such  as  Cellular  Digital  Packet 
Data. 

Therefore,  the  expansion  of  the  2.5G  digi¬ 
tal  footprint  is  critical,  and  is  a  key  motiva¬ 
tion  behind  Verizon’s  intentions  to  convert 


Roaming  fees  critical  for  high-speed  wireless  data 


100%  of  its  network  to  CDMA/lxRTT  ser¬ 
vice  and  Cingular’s  announced  GSM/ 
GPRS-related  joint-venture  plans  with  AT&T 
Wireless  and  VoiceStream. 

Prices  for  intracarrier  wireless  data  ser¬ 
vices  take  two  forms: Verizon  offers  minute- 
based  and  megabyte-based  prices.  In  con¬ 
trast,  AT&T  Wireless  and  Cingular  offer  bun¬ 
dles  of  megabyte-based  prices.  In  all  cases, 
the  higher  the  volume  purchased  in 
advance,  the  less  expensive  the  price  per 
megabyte.  At  the  top  end, a  $200  per  month 
service  buys  200M  bytes.  At  the  low-volume 
end,  the  price  is  as  high  as  $8  per  megabyte 
— with  a  2M-byte  minimum. 

Unlike  users  in  most  other  countries,  the 
sender  and  the  receiver  of  information  will 
be  billed  —  a  nice  arrangement  for  U.S. 
mobile  carriers.  But,  what  about  cross-ser¬ 
vice  (GPRS/lxRTT),  multiprovider  multi¬ 
protocol  roaming? 

Apart  from  standardized,  intracompany 
applications,  it  is  reasonable  to  expect  that 
while  transmitting  short  messages,  individ¬ 


uals  might  send  and  receive  messages  to 
users  of  other  providers  —  on  average,  70% 
to  80%  of  the  time. 

Canadian  providers  have  solved  this  by 
agreeing  to  use  the  same  technology  to 
support  multiprotocol,  intercarrier  Short 
Message  Service  (SMS), courtesy  of  CMG 
Wireless  Data  Solutions. 

Unlike  Canada,  no  single  cross-technol¬ 
ogy  bridging  platform  has  been  embraced 
in  the  U.S.  Every  major  provider  we  spoke 
with  says  it  is  working  on  this,  but  let’s  be 
clear  about  what  it  will  take:  Each  bilateral 
agreement  must  be  negotiated  separately 
and  must  tackle  a  number  of  thorny  issues, 
including  interoperability  and  intercarrier 
roaming/settlement  fees. 

Compared  with  the  Canadian  approach, 
any-to-any  connectivity  will  take  longer  to 
materialize  —  no  less  than  six  agreements 
must  be  crafted  between  the  top  four 
providers. 

The  addition  of  a  fifth  provider  —  for 
example,  the  incumbent  national  GSM- 


GPRS  provider  VoiceStream  —  would 
require  an  additional  four  agreements.The 
addition  of  a  sixth  provider  would  require 
five  more  contracts.  And  on  it  goes. 

And  because  it  is  unlikely  that  intercar¬ 
rier  settlement  fees  will  be  set  at  a  uni¬ 
form  rate  (or  structure),  each  primary 
mobile  carrier  must  mask  differences  in 
roaming  fees  on  subscriber  bills  if  it 
wants  to  encourage,  not  discourage,  use 
of  mobile  data  applications. 

The  paradox  is  that  although  not  dis¬ 
cussed  by  many  U.S.  providers,  the  price 
of  intracarrier  messages  might  be  one  of 
the  least  important  considerations  when 
shopping  for  a  SMS  provider  in  the  U.S. 
One  of  the  most  important  considera¬ 
tions,  especially  for  SMS,  will  be  the  pri¬ 
mary  provider’s  roaming  partners,  and 
applicable  fees. 

Pierce  is  a  research  fellow  at  Giga  Infor¬ 
mation  Group.  She  can  be  reached  at 
lpierce@gigaweb.  com. 
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■  PROFILE:  MIRROR  IMAGE  INTERNET 

Location:  Woburn,  Mass. 

Founded:  1997 

Product:  Delivers  content  from  the  edge  of  the  Internet  using 
its  global  network  of  content  access  points. 

Financing:  Principally  owned  by  Internet  holding  company 
Xcelera. 

Employees:  150 

Competitors:  Akamai  Technologies,  Speedera  Networks,  Digital 
Island. 

* 
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gain  better  footing  of  content  delivery 
networks  —  originally  designed  to 
speed  the  delivery  of  static  images  in 
Web  sites  —  they  will  play  a  crucial 
role  in  how  businesses  move  applica¬ 
tions  over  the  Web.  Akamai 
Technologies,  for  example,  recently 
announced  a  partnership  with 
Microsoft  to  develop  support  for 
Microsoft’s  .Net  platform  so  that  Web 
services  can  be  deployed  from 
Akamai’s  network  of  caching  servers 
at  the  edge  of  the  Internet. 

However  at  this  point  most  analysts  agree  that  there  is 
more  hype  than  substance  behind  the  concept  of  Web 
services,  which  basically  consist  of  application  com¬ 
ponents  that  can  interact  with  each  other  on  the  fly. 

Uncertainty  also  exists  about  which  Web  services  will 
lend  themselves  to  delivery  over  a  CDN. 

“The  question  remains:  Which  applications  are 

it  The  question  remains:  Which 
applications  are  suited  to  be  distrib¬ 
uted  or  delivered  through  an  over¬ 
lay  network  of  CDN  services.  9  9 

Greg  Howard 

Principal  analyst,  High  Tech  Resource  Consulting 
Group 

suited  to  be  distributed  or  delivered  through  an  over¬ 
lay  network  of  CDN  devices," says  Greg  Howard,  prin¬ 
cipal  analyst  at  High  Tech  Resource  Consulting 
Group. 

For  its  part,  Mirror  Image  is  targeting  its  new  services 
to  companies  in  the  financial,  media,  retail,  manufac¬ 
turing  and  travel  industries.  In  addition,  the  new  Web 
Serv  ices  Delivery  Gateway  appliance  that  provides 
centralized  management  of  applications  will  enable 
businesses  to  handle  some  of  the  sticky  issues  sur- 
rounding  Web  services  such  as  security,  monitoring 


and  billing,  Hammond  says. 

Moreover,  the  new,  enhanced  services  make  it  possi¬ 
ble  for  companies  to  develop  and  host  Web-based 
applications  with  Mirror  Image, reducing  infrastructure 
and  staffing  demands  internally,  Hammond  says. 

Mirror  Image  executives  say  their  network  is  well- 
suited  to  support  application  delivery  because  of  its 
architecture,  which  differs  from  competitors’ such  as 
Akamai  Technologies’  and  Speedera  Networks’. 
Akamai  and  Speedera  have  installed  thousands  of 
edge  servers  on  hundreds  of  public  networks  around 
the  world. 

On  the  other  hand,  Mirror  Image  has  fewer  than 
two  dozen  CAPs  in  the  U.S.,  Europe  and  Asia. These 
CAPs  include  servers,  routers,  databases  and  other 
hardware  and  software,  which  Mirror  Image  execu¬ 
tives  say  give  customers  more  processing  power  at 
the  edge. 

“Rather  than  delivering  static  content  as  has  been  the 
core  of  content  distribution,  now  we’ll  have  a  situation 
where  you’re  actually  going  to  be  storing  executables 
out  at  the  edge  of  the  network,”  says  Scott  Bishop,  mar¬ 
keting  director  at  Mirror  lmage.“We’ve  prided  ourselves 
on  our  gargantuan  CAPs  at  the  aggregation  points  [of 
the  Internet]  that  include  a  lot  of  computer  power  and 
storage.” 

Howard  agrees  that  the  Mirror  Image  architecture  is 
well  designed  to  support  applications,  “but  the  ques¬ 
tion  remains  what  are  those  applications  going  to  be 
and  where  are  the  customers?" 

Mirror  Image:  www.mirror-image.com 
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The  recent  run  of  bankrupt¬ 
cies  may  have  hurt  the  repu¬ 
tation  of  CLECs  in  some  cir¬ 
cles,  but  often  a  customer  of 
a  bankrupt  CLEC  will  look  for 
another  CLEC  when  it  search¬ 
es  for  a  replacement  pro¬ 
vider,  Saunders  says. 

“They  get  used  to  the  price. 
They  think  the  service  is  better, 
and  they  like  the  idea  of  an 
integrated  access  service,”  he 
says. 

Integrated  access  services  are 
offerings  that  allow  businesses 
to  get  their  voice  and  data  over 
one  connection,  even  though 
the  voice  and  data  may  be  trav¬ 
eling  over  separate  channels. 
For  example,  a  competitive  car¬ 
rier  could  bring  a  T-l  line  into  a 
business,  dedicate  12  channels 
to  voice  and  the  other  12  chan¬ 
nels  to  data. 

The  RBOCs  don’t  offer  com¬ 
parable  services,  Yankee 
Group’s  Lauricella  says.  And 
because  integrated  access  ser¬ 
vices  are  cost-efficient  for  the 
competitive  carriers,  they  allow 
the  CLECs  to  differentiate 
themselves  from  the  incum¬ 
bent  providers  on  pricing,  with¬ 
out  forcing  the  CLECs  to  sell 
the  services  at  a  loss. 

Another  area  that  sets  the 
CLECs  apart  from  the  RBOCs  is 
customer  service.  According  to 
Yankee  Group  research,  CLEC 
customers  usually  are  happier 
with  the  customer  service  they 
get  from  their  new  provider. 

“The  CLECs  are  smaller  and 
very  focused  on  the  market 


It  [CLEC  customers] 
get  used  to  the 
price.  They  think  the 
service  is  better, 
and  they  like  the 
idea  of  an  integrated 
access  service.  9  9 

Robert  Saunders 

Analyst,  Eastern  Management 
Group 

they  serve,"  Lauricella  says.’The 
RBOCs  have  a  large  customer 
base  [and]  a  variety  of  prod¬ 
ucts  to  sell, and  they  often  have 
a  harder  time  getting  a  focus.” 

While  the  CLECs  are  having 
some  success  winning  over 
enterprise-class  customers, 
most  of  their  business  is  still 
generated  by  midsize  compa¬ 
nies  with  1,000  or  fewer 
employees,  Lauricella  says. 

Telecom  competition  might 
be  increasing  now,  but  there’s 
no  guarantee  it  will  continue  to 
do  so. 

Legislation  affecting  whole¬ 
sale  access  rates  on  incumbent 
networks,  such  as  the  Tauzin- 
Dingell  bill  before  the  U.S. 
Senate,  could  have  a  dramatic 
impact  on  whether  competi¬ 
tive  providers  thrive  or  die, 
Lauricella  says. 

“But  to  say  that  all  of  these 
companies  are  going  to  be 
bankrupt  tomorrow  is  really 
premature,"  he  adds.  ■ 


Is  your  VPN 

MM  I  ri  ® 


keeping  you  on  a  pretty 

fjglti  M' 


Presenting  IPVia™  Network  Security  Solutions. 

A  lot  of  VPN  solutions  seem  to  be  pretty  good  at  one  thing:  keeping  you  inside  when  everybody  else  has  gone  out  to  play.  Wouldn't  it  be 

great  if  you  could  give  all  your  users  secure  access  to  the  corporate  network  —  anytime,  anywhere  —  without  having  to  stay  in  and  manage 
everything?  Presenting  IPVia  Network  Security  solutions  for  virtual  private  networks.  Sometimes,  when  you're  traveling,  you  have  to  get  creative 
to  get  an  Internet  connection  to  work  for  you,  securely.  The  IPVia  Secure  Network,  the  first  solution  offering  in  this  family,  lets  your  remote 
users  get  on  the  corporate  network  any  way  they  want  over  the  Internet  —  and  still  be  secure.  The  smart  client  even  includes  a  personal  firewall. 
Compared  to  a  lot  of  competing  products,  IPVia  management,  configuration  and  deployment  of  VPNs  is  a  walk  in  the  park.  No  matter  how 
ungainly  your  network  is,  you  won't  need  to  send  out  a  tech  to  set  up  a  remote  office  for  secure  access.  In  fact,  it's  so  easy  to  manage  that  you 
can  handle  hundreds  of  individual  VPN  networks  with  literally  thousands  of  gateways  and  mobile  users  ...  all  from  your  desktop. 

So  lose  that  VPN  leash  and  take  off!  Just  don't  bring  the  ball  back  all  wet  and  slimy.  Find  out  more  at  www.ssh.com. 
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Tel  (650)  251  2700  •  Fax  (650)  251  2701  •  1076  East  Meadow  Circle,  Palo  Alto,  CA  94303 
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ut  features  carry  the  day. 


Sifting  through  managed  IP  VPN  options 


■  BY  DENISE  PAPPALARDO 

Most  carriers  have  a  managed  IP  VPN  offering  of  some 
kind  that  features  services  ranging  from  dedicated  secure 
site-to-site  networking  over  one  IP  backbone  to  secure 
remote  access  over  the  Internet. 

But  sorting  through  these  options  can  be  daunting. 

What  follows  are  the  experiences  of  three  users. 

The  Cystic  Fibrosis  Foundation  contracted  with 
WorldCom  18  months  ago  to  deploy  a  site-to-site  VPN  that 
replaced  a  dial-up  system  the  nonprofit  group  was  using 
to  communicate  between  CFF  chapters. 

More  than  300  CFF  employees  were  accessing  the  cor¬ 
porate  network  through  a  bank  of  dial-up  modems.“That 
was  really  not  effective  and  didn’t  make  sense,” says  CIO 
Greg  August.“It  was  impossible  for  folks  to  stay  in  touch 
and  operate  in  this  day  and  age.” 

The  foundation’s  VPN,  which  is  based  on  WorldCom’s  IP 
VPN  Dedicated  Fully  Managed  service,  connects  50 
remote  chapters  over  the  carrier’s  Internet  backbone.  Each 
site  has  a  Lucent  AccessFbint  router  that  supports  up  to 
168-bit  encryption.  Each  chapter  is  connecting  to  CFF’s 
main  site  in  Bethesda,Md.,viaT-ls  or56K  bit/sec  lines. 

Once  employees  connect  to  the  corporate  network  they 
often  are  going  back  out  to  the  Internet  or  another  private 
network  to  reach  one  of  four  application  service 
providers  (ASP)  that  are  used  by  CFF 

“We’re  trying  to  outsource  as  much  of  our  technical 
capabilities  as  possible,”  August  says.“We  don’t  want  to 
have  to  retain  a  large  IT  staff,  and  outsourcing  allows  us  to 
keep  our  eye  on  the  ball  of  fundraising.” 


fcIWe  were  investigating 
DSL  and  went  pretty  far 
down  that  path,  but  there 
were  a  lot  of  problems.  1 1 


Ray  Pineau 

Vice  president  of  engineering  and 
production,  Captivate  Network 


“We  can  now  capture  our  financials  much  more  effec¬ 
tively  day-to-dajf  he  says. “Transactions  at  the  chapter  level 
. . .  now  flow  up  to  the  national  level  right  away 

The  organization  also  has  deployed  videoconferencing 
over  its  VPN  using  gear  from  Fblycom.a  move  that  has  re¬ 
duced  travel  expenses  by  $20,000  per  year. 

CFF’s  help  desk  also  runs  more  efficiently  since  the  IP 
VPN  was  implemented,  August  says.The  help  desk  runs 
remote-control  applications  when  working  with  employ¬ 
ees  on  desktop  issues.“Before  it  was  like  the  blind  leading 
the  blind  trying  to  figure  out  what  was  happening  on  a 
user’s  PC, “he  says. 

Despite  these  benefits,  an  IP  VPN  service  wasn’t  CFFs 
first  choice.  After  exploring  low-speed  frame  relay  net¬ 
work  sen  ices,  CFF  selected  WorldCom’s  fully  managed 
service  because  it  was  easier  to  support  and  more  cost- 
effective,  August  says.“DSL  to  frame  really  wasn't  there 


I  fc We’re  trying  to  outsource  as  much  of  our  technical  capabilities 
as  possible.  We  don't  want  to  have  to  retain  a  large  IT  staff,  and 
outsourcing  allows  us  to  keep  our  eye  on  the  ball  of  fundraising.  9  9 

Greg  August 

CIO,  Cystic  Fibrosis  Foundation 


when  we  looked  at  it.  It  was  hard  to  manage,”  he  says. 

While  the  initial  deployment  went  well,  August  says 
there  were  some  “interesting”  network  address  translation 
issues  that  WorldCom  had  to  work  through.“We  have  a 
complex  environment  because  of  the  number  of  ASPs 
we’re  working  with,”  he  says.“But  WorldCom  has  been 
able  to  accommodate  us  effectively’ 

Although  August  says  WorldCom’s  service  rates  were  in 
line  with  his  expectations,  he  adds  that  IP  VPN  services  in 
general  remain  “vastly  expensive.”  But  August  declined  to 
provide  specifics  on  his  monthly  service  expenses. 

Serving  a  captive  audience 

While  CFF  is  using  its  IP  VPN  to  improve  communica¬ 
tion  among  remote  offices,  Captivate  Network  is  using 
one  to  deliver  services  to  its  customers. 

Captivate  offers  video  content  on  flat-panel  screens  in 
elevators  of  high-rise  office  buildings  around  the  country 
The  company  has  about  4,000  screens  in  North  America. 

Captivate  started  looking  a  year  ago  for  a  dependable 
network  option  to  support  delivering  content  to  nearly 
300  buildings  in  large  metropolitan  areas  such  as  Chi¬ 
cago,  New  York,  Boston,  Los  Angeles  and  San  Francisco. 
Qwest  Communications  was  one  of  a  few  providers  that 
met  the  company’s  network  needs,  says  Ray  Pineau,  vice 
president  of  engineering  and  production  at  the  Westford, 
Mass.,  company 

The  company  is  using  Qwest’s  fully  managed  Network 
VPN  service,  which  is  built  on  Nortel  Shasta  VPN  devices. 
Instead  of  deploying  VPN  gear  at  each  customer  location, 
Qwest  only  requires  users  to  have  a  standard  router  de¬ 
ployed  to  support  a  dedicated  connection  to  the  Internet. 

“Qwest’s  service  is  something  similar  to  a  private  net¬ 
work,  but  less  expensive,”  Pineau  says. 

Captivate  has  70  buildings  connected  to  its  IP  VPN  and 
plans  to  have  270  connected  by  the  end  of  June.“Before 
working  with  Qwest  we  had  dial-up  lines  in  the  U.S.,”  Pin¬ 
eau  says  “We  were  investigating  DSL  and  went  pretty  far 
down  that  path,  but  there  were  a  lot  of  problems.  DSL 
companies  were  going  out  of  business,  filing  for  bank¬ 
ruptcy,  and  there  were  issues  about  some  sites  being  too 
far  from  a  carrier’s  [point  of  presence].” 

Qwest’s  offer  was  more  attractive  because  the  carrier 
could  support  all  Captivates  customers  in  the  U.S.“What 
was  unique  about  [Qwest’s]  product  is  they  provide  a 
fractional  T-l  to  a  [central  office]  and  they  have  Shasta 
equipment  that  does  the  encryption  over  their  IP  net¬ 
work,"  he  says.“lt’s  not  over  the  public  Internet." 

Captivate  also  is  hosting  servers  within  Qwest’s  data  cen¬ 
ter,  which  provides  the  company  with  a  centralized  hub 
for  its  content.  Captivate  has  EMC  storage  gear,  Nokia  fire¬ 
walls  and  servers  with  Windows  software  running  over 


Intel  hardware  deployed  within  the  data  center. 

“We  have  a  highly  reliable  computer  infrastructure  that 
we  need  24-7,”  he  says.This  is  where  Captivate  stores  and 
then  publishes  content  for  its  elevator  screens  from  part¬ 
ners  such  as  CNN, The  Weather  Channel,  The  New  York 
Times  and  the  Wall  Street  Journal. 

The  company  was  using  hosting  services  from  NaviSite, 
but  because  Qwest  could  combine  Captivates  hosting 
and  VPN  termination  the  company  now  is  saving  money, 
Pineau  says. 

He  says  the  company  is  working  with  Qwest  to  expand 
the  service  to  its  Canadian  customers. 

Deloitte  supports  traveling  users 

While  dedicated  VPNs  are  a  popular  choice  for  busi¬ 
nesses,  some  organizations  are  turning  to  IP  VPNs  to  sup¬ 
port  remote  users  who  are  constantly  on  the  go. That’s  the 
case  at  Deloitte  Consulting,  which  needs  to  securely  keep 
15,000  consultants  connected  to  its  corporate  network 
while  they  are  traveling  around  the  world. 

Deloitte  decided  to  outsource  its  remote  access  because 
“it’s  extraordinarily  difficult  to  manage  remote  access  in- 
house,”  says  CIO  Larry  Quinlan.“We’re  in  34  countries,  and 
the  consultants  travel  all  the  time.  It’s  almost  impossible  to 
insource  that  type  of  support.” 

Deloitte  uses  Aventail.net  Managed  Remote  Access 
Service  that  offers  users  access  to  corporate  networks 
through  a  Secure  Sockets  Layer  (SSL)  client  that  runs 
on  laptop  computers.  SSL  provides  168-bit  encryption 
over  the  Internet.  While  Aventail  manages  the  remote- 
access  gear  deployed  at  Deloitte’s  headquarters  in  New 
York  and  monitors  usage  and  performance,  Deloitte 
uses  WorldCom’s  remote  Internet  access  support  for 
network  connectivity. 

Aventail  does  not  provide  the  network  connectivity  for 
any  of  its  customers,  but  manages  the  VPN  gear  and  end- 
user  accounts,  including  intrusion  detection,  policy  man¬ 
agement  and  enforcement. 

“We  use  our  managed  VPN  service  to  handle  the  heavy 
lifting  of  remote  access  and  also  because  it’s  a  competi¬ 
tive  advantage,”  Quinlan  says.“We  spend  a  lot  of  time  at 
client  sites  so  the  ability  of  the  Aventail  service  to  go  over 
firewalls,  cable  modem,  DSL  and  private  networks  is  a 
plus.  We’re  also  using  this  network  to  support  some  of  our 
clients  in  an  extranet  environment." 

While  Aventail’s  service  meets  the  majority  of  Deloitte’s 
network  needs,  Quinlan  would  like  to  see  support  for  IP 
Security  along  with  SSL  Deloitte  is  also  interested  in 
using  Public  Key  Infrastructure  (PK1)  and  digital  certifi¬ 
cates,  but  both  are  “prohibitively  expensive"  from  any 
provider,  he  says.  PKI  and  digital  certificates  would  add 
another  layer  of  security  to  the  company’s  IP  VPN  ■ 
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THE  WHOLE  e-BUSINESS 
THING  IS  A  FAD. 

Nothing  could  be  further  from 
the  truth.  In  times  of  economic 
downturn,  it  may  seem  prudent  to 
put  the  whole  e-Business  issue  on  the 
backburner.  But  it's  not.  Tough  times 
call  for  nimbleness  and  agility  more 
than  ever.  The  time  to  get  smart  and 
implement  e-Business  solutions  for  your 
customers  is  today. 


THE  INTERNET 
CHANGES 
EVERYTHING. 

The  Internet  does  not 
change  everything. 

It  doesn't  change  the 
business  rules  that 
run  your  company. 

Or  the  infrastructure 
you've  spent  years 
building.  The  Internet 
is  obviously  a 
critical  part  of  any 
e-Business.  But  it’s 
how  well  you  manage 
the  information 
traveling  over  the 
Net  that  determines 
the  success  of 
your  business. 

IT'S  A 

ONE-BRAND 

WORLD. 

This  myth  surrounds 
just  about  every 
significant  e-Business 
platform  discussion. 
Virtually  every 
purveyor  of  e-Business 
platforms  touts  their 
version  of  this 
"one-brand"  world. 
Their  brand,  of  course. 
Big  surprise. 


At  Sybase,  we  know  it’s  just  not  true. 
Countless  brands  compete,  cooperate 
and  commingle  inside  your  company. 

It’s  laughable  to  pretend  that  any  one 
external  organization  can  "standardize" 
all  the  various  protocols,  systems, 
components,  new  technologies, 
languages,  databases  and  vendor 
relationships  that  your  business 
depends  on  to  succeed. 


Our  open  e-Business  platform  embraces 
diversity.  Making  all  of  this  stuff  work 
together  is  what  our  stuff  is  all  about. 

A  WEBSITE  IS  A  PORTAL. 

A  PORTAL  IS  AN  e-BUSINESS. 

Unless  your  data  has  the  ability  to 
travel  from  a  customer's  pager  to 
your  trusty  OS/390  mainframe  and 
then  back  to  your  customer  via  cell 
phone,  you  may  very  well  have  a 


website,  but  you  really  don't  have  an 
e-Business.  Our  proven  e-Business 
platform  totally  delivers  end-to-end 
functionality.  It  integrates 
every  single  aspect  of  your 
business.  What's  more, 
it  has  the  scalability 
to  constantly 
integrate  your 
new  components 
into  the  mix.  Like 
say,  10,000  brand  new 
customers,  for  example. 


IF  AT  FIRST  YOU  DON'T 
SUCCEED,  THROW  SOME  MORE 
MONEY  AT  IT. 

Hah.  Very  funny.  But  a  popular  belief 
for  a  long  time.  Listen:  That's  pure 
poppycock.  Real  e-Business  solutions 
deliver  real  business  results.  That 
means  increased  revenues,  reduced 
costs  and  profits  to  your  bottom  line. 

At  Sybase,  we  deliver  e-Business 
solutions  to  the 
FORTUNE  500,®  the 
largest  firms  on  Wall 
Street,  the  biggest 
names  in  healthcare, 
the  world's  largest 
computer  and 
networking  companies, 
the  biggest  players  in 
Europe  and  Asia. 

We  lead  in  enterprise 
portal  technology. 

We  dominate  in 
enterprise  wireless 
solutions.  And  we 
have  some  of  the 
best  middleware 
integration  solutions 
found  on  our  planet. 

We  can  deliver  ROI 
with  a  sense  of 
immediacy. 

IT'S  ALL  OR 
NOTHING. 

The  Big  Bang  Theory: 
You  need  to  do  all  of 
this  at  once.  Not  at  all. 

Implement  in  the 
way  that's  right  for 
your  firm.  From  the 
bottom  up.  Or  the 
top  down.  Component  by  component. 
It's  your  choice. 

Call  1  -800-8-SYBASE  or  visit 
www.sybase.com/myths  and  we'll  show 
you  how.  Fact,  not  myth. 


i  Sybasf; 

Information  Anywhere’ 
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EVERYTHING  WORKS  TOGETHER:” 


SYBASE  e-BUSINESS  SOFTWARE. 
BECAUSE  EVERYTHING  WORKS  BETTER  WHEN 


Mind-Boggling  Performance. 


Meet  the  Passport 
8600  Routing  Switch. 

Let’s  talk  performance  -  with  scalability  up  to  128  Gbps  of  switching 
capacity  and  wiTe-speed  QoS,  all  wrapped  up  in  a  fault-tolerant 
chassis,  we're  talking  some  serious  hardware.  Couple  that  with  a 
variety  of  10/100,  Gigabit  Ethernet,  Packet  over  SONET  and  ATM 

ports  and  you  begin  to  see  why  Nortel  Networks™ 
we're  so  passionate  when  we  talk  is  a  Global  Leader  in  L2-7 
about  delivering  world-class  high  Ethernet  Switching 

performance  LAN/MAN/WAN  connectivity  for  Enterprise  networks. 
From  the  physical  to  the  logical,  we’ve  designed  all  aspects  of  this 
product  to  be  easy  to  install,  operate  and  maintain.  It’s  designed  to 
provide  protection  strategies  at  multiple  levels  to  deliver  99.999% 
reliability.  And  talk  about  flexible  -  the  Passport™  8600  is  available 
in  a  3-slot  chassis  for  small  Enterprise  networks;  a  6-slot  chassis 
designed  for  backbones  in  which  space  is  at  a  premium  and  lower 
density  is  desired;  and  a  10-slot  chassis  designed  for  backbones 
that  need  the  highest  levels  of  availability  and  scalability. 
The  possibilities  are  mind-boggling.  To  learn  more  about  the 
Ethernet  switching  capabilities  Passport  8600  enables,  visit 
nortelnetworks.com/passport8600. 


Nortel  Networks,  the  Nortel  Networks  logo,  the  Globemark  and  Passport  are  all  trademarks  of  Nortel  Networks. 
©2002  Nortel  Networks.  All  rights  reserved.  'Dell'Oro  report,  4Q'01. 


■  Telica  and  Pactolus  Communi¬ 
cations  Software  have  teamed  to 
support  calling-card  and  conference¬ 
calling  services  in  phone  networks 
that  use  softswitches.The  companies 
have  announced  that  their  implemen¬ 
tations  of  Session  Initiation  Protocol 
are  interoperable,  meaning  Telica’s 
Plexus  9000  packet-voice  switch  can 
be  combined  with  Pactolus’  SIPWare 
Services  software  to  deliver  calling- 
card  and  conference-call  services. 
www.telica.com; www.pactolus.com 

■  Sonus  Networks  and  SnowShore 
Networks  also  are  joining  forces  to 
support  conferencing,  announcement 
services  and  voice  mail  using  packet- 
based  technology.  Sonus  makes 
Insignus  Softswitch  and  other 
packet  voice  gear  and  SnowShore 
makes  N20  Media  Server,  which 
provides  processing  power  for  voice 
service  applications,  www.sonus 
net.com;  www.snowshore.com 

■  Laurel  Networks  is  introducing  a 
new  card  for  its  ST200  edge  router 
for  service  providers  that  enables 
support  for  connections  as  small  as 
64K  bit/sec.  The  card  has  two  chan¬ 
nelized  OC-12  ports  that  can  be  sub¬ 
divided  into  DS-0  links.  It  also  can 
divide  traffic  into  T-1  channels  and 
can  bond  as  many  as  12  to  make 
larger  connections.  The  card  is  avail¬ 
able  now,  but  Laurel  didn't  disclose 
costs,  www.laurelnetworks.com 

■  A  new  study  by  Gartner  says 
corporate  interest  in  buying  Ether¬ 
net  services  will  increase  dramati¬ 
cally.  The  research  says  customers 
will  pay  $1  billion  this  year  for  such 
services  and  that  number  will  quad¬ 
ruple  by  2005.  Low  cost,  high  speed 
and  users'  comfort  with  Ethernet 
contribute  to  the  rosy  forecast, 
Gartner  says.  Major  carriers  will 
lead  the  way  selling  the  services, 
given  that  start-ups  that  champi¬ 
oned  the  technology,  such  as  Yipes 
Communications  and  Telseon, 
have  filed  for  bankruptcy  protection, 
the  report  says. 


Designing  optical  networks 

Sycamore’s  applications  plan  for  optical  networks  from  metro  to  core. 


Monitor  circuit  performance 

Sycamore  Networks’  Circuit  Spy  software  displays  current  status  of 
optical  circuits. 


■  BY  TIM  GREENE 

CHELMSFORD,  MASS.  —  Sycamore  Net¬ 
works  is  introducing  enhanced  tools  and  a 
new  service  to  design  and  plan  optical 
networks  more  quickly  and  accurately 

Additions  to  its  Silvx  InSight  software  fam¬ 
ily  let  network  architects  automate  report¬ 
ing  and  emulate  design  schemes  to  make 
sure  they  will  work  before  being  imple¬ 
mented. 

These  additions  include  a  new  applica¬ 
tion  called  Circuit  Spy,  more  features  for 
its  existing  Transport  Design  Application 
and  InSight  Design  Services. 

These  offerings  keep  Sycamore  near  the 
top  of  network  planning  and  design  tools 
for  optical  networks  along  with  Telium.says 
Andy  McCormack,  an  analyst  with  Optical 
Strategies. 

Circuit  Spy  software  enables  views  of 
how  network  bandwidth  is  being  used,  so 
leftover  capacity  can  be  distributed.  If  a 
provider  wants  to  lay  in  a  new  circuit  be¬ 
tween  two  cities,  Circuit  Spy  will  say 
whether  the  network  can  support  the 
addition  and  what  route  the  circuit  will 
take.  This  procedure  would  reduce  plan¬ 
ning  time  and  make  installation  of  new 
circuits  faster. 

Transport  Design  Application,  which 
checks  the  design  of  optical  networks  to 
make  sure  all  the  links  will  support  the  traf¬ 
fic  meant  for  them,  can  now  verify  net¬ 
works  that  include  Sycamore’s  long-haul 
and  ultra-long-haul  switch,  the  SN 10000. 


■  BY  PHIL  HOCHMUTH 

NASSAU,  BAHAMAS  —  It  is  said  that 
everything  you  could  want  is  in  paradise 
—  sunshine,  clear  blue  waters, soft  island 
breezes,  and  now,  high-speed  Internet 
and  Ethernet  metropolitan-area  network 
services  for  hotels,  businesses  and  those 
lucky  enough  to  call  the  Bahamas  home. 

The  Bahama  islands  also  have  a  $4.5 
billion-per-year  economy,  and  are  home 
to  hundreds  of  “offshore”  financial  insti¬ 
tutions  and  banks  —  businesses  that  tra¬ 
ditionally  had  to  buy  high-priced  satellite 


The  software  investigates  factors  such  as 
whether  signal  strength  is  great  enough 
between  sites,  whether  the  proper  ampli¬ 
fiers  are  used  and  whether  dispersion  is 
properly  engineered.  If  it  finds  a  flaw  in  a 
design,  it  lets  users  substitute  a  new  design 
and  verifies  whether  that  will  work. 

“This  helps  to  relieve  operating  expenses. 


services  or  telephone-company  circuits 
that  took  months  to  provision.  Cable 
Bahamas,  the  largest  cable  TV  provider  in 
the  region,  wanted  to  fix  that. 

The  ambitious  cable  company  recently 
installed  a  Gigabit  Ethernet-based  MAN, 
serving  50  business,  including  90%  of  the 
hotels,  and  residential  customers  on  the 
four  major  islands  —  Abaco,  Eleuthra, 
Grand  Bahamas  and  New  Providence. 
Network  service  speeds  are  available 
from  1M  up  to  1G  bit/sec. 

“We  didn’t  want  to  follow  SONET-like 
See  Bahamas,  page  42 


A  lot  of  the  network  planner’s  time  is  spent 
in  circuit  design, and  it’s  a  very  lengthy  pro¬ 
cess,”  McCormack  says. 

The  information  could  be  exported  to 
other  applications,  such  as  Microsoft 
Excel,  to  be  shared  by  technicians  in  the 
field  who  need  it  but  don’t  have  Transport 
Design  Application  on  their  workstations. 
This  export  also  eliminates  errors  that 
could  be  caused  by  manual  transfers, 
which  could  take  days  to  discover  and 
correct. 

Transport  Design  Application  includes  a 
new  wizard  that  helps  automatically  gener¬ 
ate  chassis  diagrams  instead  of  manually 
doing  so  on  a  separate  application.  Gen¬ 
erating  the  design  diagrams  by  hand  could 
take  days. The  diagrams  show  signal  paths 
through  each  node,  which  could  be  sent  to 
operators  and  installers  in  the  field  to 
reduce  errors  and  decrease  time  to  config¬ 
ure  new  services. 

Sycamore  says  Transport  Design  Applic¬ 
ation  can  reduce  planning  time  by  90%. 

Insight  Design  Services  puts  customers  in 
touch  with  Sycamore  experts  to  draw  on 
their  experience  using  Sycamore  tools. 

All  these  products  and  services  are 
available  now. 

Sycamore:  www.sycamorenet.com 


MANs  in  paradise 

Cable  Bahamas  uses  Gigabit  Ethernet  for  'Net  services. 


There's  a  Dell  PowerEdge  server 
for  every  kind  of  business. 

From  “kind  of  start  up"  to  "kind  of  FORTUNE  500.®" 
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needs,  at  an 

Dell  Rated  #1  in  Intel  Server  Satisfaction 

Technology  Business  Research 
Corporate  IT  Buying  Behavior  and  Customer  Satisfaction  Study 

3rd  Quarter 
-  December  2001 


No  matter  the  size  of  your  company,  we’ve  got  a  server  that  fits.  Dell  PowerEdge  servers  with  Windows®  2000  Server  have  many  amazing 
"abilities":  scalability,  availability,  manageability  and  serviceability.  So  they  grow  with  your  business,  minimize  downtime,  are  easy  to  integrate  and 
even  easier  to  support.  No  matter  what  your  business  needs  -  from  file/print  to  database  management  -  you  can  choose  a  PowerEdge"  server  with 
Microsoft®  Windows®  2000  Server  operating  system  that  is  right  for  you.  And,  by  dealing  direct  with  Dell,  you  get  a  system  customized  to  fit  your  business 
affordable  price,  backed  by  our  award-winning  service  and  support.  It's  a  nice  mix  of  exactly  the  server  you  need  with  exactly  the  operating  system  you  want. 


0% 

QuickLease' 

for  qualified  customer* 


Dell  Small  Business 


PowerEdge™  1500SC  Server 


NEW  Simple  and  Strong  Server 

•  Intel'  Pentium*  III  Processor  at  1.13GH2 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM  (up  to  4GB) 

•  18GB5  (10K  RPM)  Hot-Swap  Ultra3  SCSI  Hard  Drive 

•  Embedded  Dual-Channel  Ultra3  SCSI  Controller 

•  Embedded  Gigabit  NIC 

•  1-Yr  Next  Business  Day  On-Site  Service!  1-Yr  Limited  Parts 
Warranty!  1-Yr  24x7  Dedicated  Server  Phone  Tech  Support 


$1299  © 


Quick  Loan:  S35/mo„  48  mos" 

E-VALUE  Code: 
11098-290412 


Recommended  upgrades: 

•  NEW  PowerConnect”  2124”  24-Port  Unmanaged  Switch 
with  Gigabit  Port,  add  S299 

•  System  Including  Small  Business  Server  2000  and 
Memory  Upgrade  to  256MB  is  $2699 


PowerEdge™  1650  Server 


NEW  Highly  Available  1U  Rack-Optimized  GP  Server 

•  Intel*  Pentium*  III  Processor  at  1.13GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM  (up  to  4GB) 

•  18GB5  (10K  RPM)  Hot-Swap  Ultra3  SCSI  Hard  Drive 

•  Dual  Embedded  Gigabit  NICs 

•  Hot-Plug,  Redundant  Cooling  Fans 

•  Optional  Embedded  Dual-Channel  RAID  Solution 

•  Optional  Redundant  Power  Supplies 

•  3-Yr  Next  Business  Day  On-Site  Service3 


$1699 


QuickLoan:  $45/mo.,  48  mos!' 

O  E-VALUE  Code: 

1 


’11098-290416 


Recommended  upgrade: 

•  System  Including  Windows'  2000  Server  is  S2499 


PowerEdge™  2500  Server  PowerVault™  PV715N  Storage 


Robust  and  Scalable  Server 

•  Intel*  Pentium*  III  Processor  at  1.13GHz 

•  Dual  Processor  Capable 

•  128MB  133MHz  ECC  SDRAM  (up  to  6GB) 

•  18GB5  (10K  RPM)  Hot-Swap  Ultra3  SCSI  Hard  Drive 

•  Embedded  Dual-Channel  Ultra3  SCSI  Controller 

•  Embedded  Intel*  10/100  NIC 

•  Hot-Plug,  Redundant  Cooling  Fans 

•  Optional  Hot-Plug,  Redundant  Power  Supplies 

•  Optional  Embedded  Dual-Channel  RAID  Solution 

•  3-Yr  Next  Business  Day  On-Site  Service3 


$1899© 


QuickLoan:  $50/mo„  48  mos" 

E-VALUE  Code: 
11098-290418 


Recommended  upgrades: 

•  PowerConnect”  3024*  24-Port  Managed  Switch,  add  $699 

•  System  Including  Windows'  2000  Server  is  S2699 


NEW  NAS  File  Sharing  Storage 

•  Offloads  Storage  Load  from  Desktops  and  Servers 

•  Snap  Shot  Capability  for  Backing  up  Network  Data 

•  Intel*  Celeron®  Processor  at  900MHz 

•  256MB  SDRAM  (up  to  512MB) 

•  160GB  IDE  Hard  Drive  -  Four  40GB  Bays 

•  Dual  10/100  Ethernet  Ports 

•  SCSI  Port  for  Local  Backup 

•  Multi-Platform  Support  of  PC.  Unix,  Apple,  and  Novell 

•  Powered  by  Windows®  Operating  System 

•  1-Yr  Next  Business  Day  On-Site  Service!  3-Yr  Limited  Parts 
Warranty!  Lifetime  24x7  Dedicated  Server  Phone  Tech  Support 


$1799 


QuickLoan:  $48/mo.,  48  mos!' 

©E-VALUE  Code: 

1 


11098-29O417n 


pentium®/// 


Servers  for  any  size  business.  Easy  as 


D*LL 


Visit  www.dell.com/networkworld  or  call  toll  free  1-877-687-3355. 


Call:  M-F  7a  8p  Sat  8a-5p  CT 

Pricing.  specifications,  availability  and  terms  of  offer  may  change  without  notice  Taxes  and  shipping  charges  extra,  and  vary  U  S 
responsible  for  errors  in  typography  or  photography 


Dell  PCs  use  genuine  Microsoft'  Windows' 

Dell  Small  Business  (BSD  and  BASDI  new  purchases  only  Dell  cannot  be  he!:  WWW.micrOSOft.COm/piracy/hoWtOteli 


'This  device  has  not  been  approved  bv  the  Fedeial  Communications  Commission  tor  use  in  a  lestdential  envHonment  Hus  device  is  not.  and  may  not  be  ottered  lor  sale  01  lease,  or  sold  or  leased  tor  use  in  a 

residential  environment  until  the  approval  ot  the  FCC  has  been  obtained 


•For  a  copy  of  our  Guarantees  or  Limited  Watranties,  write  Dell  USA  l  P,  Attn  Warranties.  One  Dell  Way.  Round  Rock,  Texas  78682.  Service  may  be  ptovtded  by  thud  party.  Technician  will  be  dispatched,  it 
necessary,  following  phone-based  troubleshooting  To  receive  Next  Business-Day  service.  Dell  must  nouty  service  provider  before  5  pm  (depending  on  seivice  contract)  customer's  time  Availability  vane:,  For  hard 
drives  GB  means  I  billion  bytes,  accessible  capacity  vaiies  with  operating  envirohment  Monthly  payment  is  based  on  a  48-momh  12  49%  interest  rate  tor  qualified  business  customers  Your  interest  rate  and 
monthly  payment  may  be  same  or  higher,  depending  cm  youi  creditworthiness  OFFER  VARIES  BY  CREDITWORTHINESS  OF  CUSTOMER  AS  DETERMINED  BY  LENDER.  Taxes,  fees  and  stopping  charges  are  extra  and 
may  vary  Minimum  transaction  sue  o(  $500  >s  lequned  Maximum  aggregate  financed  amounts  not  to  exceed  $25,000  Not  valid  on  past  orders  or  hnancmq  QuickLoan  is  from  CIT  Online  Bank  to  Dell  Small 
Business  (BSD)  customers  with  approved  credit  *Qu>cLLease  arranged  by  Dell  Financial  Services  L  P.  an  independent  entity,  to  qualified  Small  Business  (BSD  and  BASDI  customers  0%  leasing  after  only 
applicable  ii*  a  24-month  Fan  Market  Value  iFMV)  QuickLease  and  valid  on  hardware  products  only  Applicable  faxes  tees  arid  shipping  not  included  Minimum  transaction  size  of  1500  is  required  Ar  the  end 
ot  the  FMV  QuickLease  term,  the  Lessee  shall  have  the  following  options  Purchase  the  equipment  for  the  then  FMV.  renew  die  lease  or  return  the  equipment  to  the  Lessor.  Please  contact  your  Dell  Financial 
Services  representative  for  furtive:  details  Alt  terms  are  subteci  to  credit  approval  and  availability  and  are  sublet  I  ro  change  without  notice  Not  valid  on  past  orders  or  leases  Dell,  the  stylized  £  logo.  E  Value 
PowerEdge  PowerConnect  and  PowerVau.t  ate  trademarks  of  Dell  Computer  Corporation  Intel.  Intel  Inside  and  Pentium  are  trademarks  or  registeied  trademarks  ot  Intel  Corporation  or  its  subsidiaries  m  the 
United  States  and  other  countries  Microsoft  and  Windows  are  registered  trademarks  of  Mictosoft  Corporation.  <112002  Dell  Computer  Corporation  All  rights  reserved 
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Alcatel  debuts 
seamless  failover 


■  BY  TIM  GREENE 

PARIS  —  Alcatel  claims  to  have 
new  technology  that  will  allow  its 
core  routers  to  fail  without  drop¬ 
ping  sessions,  a  feature  that  the 
company  says  will  relieve  some 
of  the  delay  problems  facing  car¬ 
riers  that  provide  pieces  of  the 
Internet  backbone. 

Called  Alcatel  Carrier  Environ¬ 
ment  Internet  System  (ACEIS), 
this  failover  software  will  be  avail¬ 
able  on  some  of  Alcatel’s  existing 
hardware  and  new  devices  that 
will  be  announced  by  year-end. 
ACEIS  can  support  99.999%  relia¬ 
bility  which  is  the  reliability  that  is 
demanded  by  traditional  tele¬ 
phone  carriers,  Alcatel  says. 

The  company  says  ACEIS  pro¬ 
tects  the  main  routing  engine, 
which  handles  control-plane  rout¬ 
ing  based  on  Border  Gateway 
Protocol,  Open  Shortest  Path  First 
and  Intermediate  System  to  Inter¬ 
mediate  System,  the  protocols 
used  by  Internet  routers.  This 
engine  holds  peering  and  reacha¬ 


bility  information  about  routers  in 
the  network.  If  the  engine  fails,  the 
router  would  have  to  be  fixed  and 
restored,  leaving  other  routers  in 
the  network  unable  to  connect 
with  the  part  of  the  network  asso¬ 
ciated  with  the  downed  router. 

Without  router  reliability, service 
providers  will  be  slow  to  adopt 
core  IP  networks  to  support  high- 
availability  services  that  can  vie 
against  frame  relay  or  ATM, 
Alcatel  says. 

“[ACEIS]  seems  to  be  an  exam¬ 
ple  of  Alcatel’s  ATM  switch  group 
putting  its  experience  into  rout¬ 
ing,”  says  Mark  Seery,  an  analyst 
with  RHK. 

The  technology  also  will  be 
able  to  support  more  attractive 
service-level  agreements  for  IP- 
based  services. 

Core  router  maker  Pluris 
demonstrated  a  seamless  failover 
on  itsTeraPlex  core  IP  routers  last 
year,  but  no  other  vendors  have, 
Seery  says.  Alcatel  says  it  will 
demonstrate  ACEIS  at  Super- 
Comm  2002  in  Atlanta  in  June.  ■ 


GommWorks  gets  its 
messaging  act  together 

■  BY  PHIL  HOCHMUTH 

SEATTLE  —  CommWorks  last  week  announced  a  new  messaging 
server  aimed  at  allowing  carriers  to  tie  together  voice  and  email  mes¬ 
saging  for  customers. 

The  CommWorks  8250  Unified  Communications  System,  unveiled 
at  the  Voice  on  the  Net  show,  is  an  IP-based  server  that  combines 
voice  mail,  email  and  fax  messages  on  a  single  interface  for  end 
users.The  8250  could  be  added  to  a  service  provider’s  IP  voice  or“IP 
Centrex” service  for  business  customers  to  add  enhanced  messaging 
capabilities,  or  for  customers  with  public  switched  telephone  net¬ 
work  (PSTN)-based  voice  services. 

The  server  supports  Session  Initiation  Protocol, Signaling  System  7, 
R«t  Office  Protocol  3  and  Simple  Mail  Transfer  Protocol  e-mail  pro¬ 
tocols,  and  wireless  access  protocol. These  protocols  allow  the  serv¬ 
er  to  offer  subscriber  access  to  a  unified  voice,  e-mail  and  fax  mail¬ 
box  from  a  company’s  standard  e-mail  system,  such  as  Microsoft 
Exchange,  Lotus  Notes  or  Eudora.An  internal  Web  server  on  the  8250 
lets  remote  and  traveling  business  end  users  access  messages  from  a 
Web  browser. 

The  8250  server  lets  subscribers  have  one  number  for  fax  and  voice 
message  s  and  can  convert  faxes  into  image  files  that  can  be  retrieved 
through  a  customer’s  email  account. 

The  sen  ■  r  supports  traditional  analog  and  digital  phones;  SIP  IP 
phones  and  mobile  phones;  voice  mail  subscriber  features  such  as 
call  monilonng  and  screening;  the  ability  to  return  calls  from  inside  a 
logged-on  user  account, and  message  alert  signaling  for  mobile  phone 
users. 

The  CommWorks  8250  is  available  to  carriers  now  ■ 


Metro  Ethernet:  No  problem  in  the  Bahamas 

Cable  Bahamas  built  out  Gigabit  Ethernet  rings  on  the  four  major  Bahama  islands  to 
offer  Ethernet  WAN  services  to  customers. 


Extreme  stackable  switches  are 
deployed  to  customer  premises. 


o 


Extreme  Alpine  switches  in  Cable  Bahamas  head-end  facilities 
feed  into  Juniper  routers  connected  to  interisland  rings. 
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Alpine  switches,  running  proprietary 
Ethernet  Automatic  Protection 
Switching  software,  can  failover 
traffic  in  less  than  1  second. 


V 


ra 


1G  bit/sec 

Ethernet  rings 

Other  customer  sites 


Bahamas 

continued  from  page  39 

bandwidth  service  speeds  on 
purpose,”  such  as  T-l  or  51M 
bit/sec,  says  Andre  Foster,  lead 
technical  engineer.  “We  wanted 
to  offer  something  different.” 

Last  year,  the  company  pursued 
business  customers  more  aggres¬ 
sively  and  deployed  a  switched 
Ethernet  MAN  infrastructure 
from  Extreme  Networks.  Before 
Cable  Bahamas’  offering,  the 
local  phone  company,  Bahamas 
Telecom  Company,  had  a 
monopoly  on  WAN  circuits  for 
connecting  sites  on  or  among 
the  islands,  or  for  hooking  to  the 
Internet.  Cable  Bahamas  also 
offered  300K  bit/sec  cable  TV 
broadband  services  to 
residents  and  some 
hotels. 

“Our  goal  was  to  build 
a  telecom  infrastruc¬ 
ture  to  compete  with 
the  telephone  company 
directly”  Foster  says. 

His  company  now  pro¬ 
vides  1 M  bit/sec  of  band¬ 
width  for  about  $400  per 
month,  while  some  business  cus¬ 
tomers  have  paid  $15,000  per 
month  fora  single  T-l  circuit  from 
the  phone  company,  he  says. 

“We  looked  at  SONET  stuff 
first,  but  it  was  extremely  expen¬ 
sive,”  he  says.“It  also  adds  a  layer 
of  complexity  that  we  didn’t 
want  to  get  into.” 

Cable  Bahamas  already  had 
undersea  fiber  to  provide  cable 
TV  service  to  the  four  major 
islands  and  had  been  building 
out  fiber  rings  on  the  islands. 
Long-haul  SONET  gear  was  not 


necessary  for  local-loop  con¬ 
nection  because  for  the  most 
part  they  run  less  than  6.2  miles 
—  the  distance  limit  for  Gigabit 
Ethernet  over  single-mode  fiber. 
The  company  even  used 
Gigabit  Ethernet  rather  than 
SONET  for  one  of  its  undersea 
fiber  links,  connecting  Eleuthra 
to  Nassau,  because  it  is  within 
Ethernet  fiber  range. 

The  cable  company  chose 
Extreme  Networks’  Alpine 
switches  for  its  head-end  “hub” 
facilities  to  light  its  land-based 
fiber.  The  Alpines  serve  as  the 
MAN  backbone,  connecting 
hubs  on  each  island  in  a  ring 
topology  (see  diagram).  The 
company  has  deployed  70 
Extreme  devices,  Foster  says. 


Layer  2  virtual  LANs  (VLAN) 
are  used  to  identify  customer 
traffic  at  the  edge.  Alpine 
switches  in  the  central  hubs 
feed  into  four  Juniper  M5 
Internet  routers,  which  sit  on 
the  cable  company’s  OC-48 
undersea  SONET  ring  connect¬ 
ing  the  four  islands. 

The  customer  VLAN  tags  are 
matched  with  Multi-protocol 
Label  Switching  labels  on  the 
Juniper  Networks  boxes  to  keep 
traffic  private  and  secure  on  the 
SONET  backbone.  SONET  links 


run  to  ISP  Epic  in  Boca  Raton, 
Fla.,  and  MCI  in  Herndon,  Va., 
providing  the  company’s  Inter¬ 
net  backbone  connection. 

Cable  Bahamas  went  with 
Extreme’s  gear  over  competing 
products  from  Riverstone  Net¬ 
works,  Foundry  Networks  and 
Cisco. “What  we  liked  about  Ex¬ 
treme  was  that  it  was  price-com¬ 
petitive,  and  it  had  the  key  fea¬ 
tures  we  wanted,”  Foster  says. 

One  key  feature  the  cable  com¬ 
pany  required  was  the  ability  to 
control  bandwidth  on  a  per-port 
level  at  the  customer  premise. 
The  hardware-based  “rate-shap- 
ing”capability  on  the  Alpine  and 
Summit  boxes  give  the  cable 
company  the  ability  to  throttle 
bandwidth  services  from  1M  to 
1000M  bit/sec.  River¬ 
stone  and  Foundry 
offered  this  feature  at  a 
higher  price  than  Ex¬ 
treme,  while  Cisco  did 
not  offer  rate  limiting 
on  its  MAN  products, 
Foster  says. 

The  other  requirement 
was  the  ability  to  create 
secure  VLANs  to  sepa¬ 
rate  customer  data  on  the  Layer  2 
edge.  “I  can’t  stress  enough  the 
benefits  of  VLANs,"  Foster  says. 
“That’s  what  makes  the  [Ethernet 
MAN]  service  possible.  We  also 
liked  the  strength  of  Extreme’s 
VLANs  because  of  that  —  they 
don’t  leak  data."B 


fcl  Our  goal  was  to  build  a  telecom 
infrastructure  to  compete  with  the 
telephone  company  directly.)) 

Andre  Foster 

Lead  technical  engineer, 

Cable  Bahamas 


View  from 
The  Edge 


Subscribe  to  our  free  newsletter. 
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And  now,  a  few  words 
about  data  back  up: 


For  the  tech  crowd: 

BrightStor™  Storage  Software 

More.  More.  And  now.  These  are  the  words  most  frequently 
associated  with  storage  needs.  The  explosion  in  web  activity, 
the  perpetually  increasing  number  of  applications  coming 
out  that  require  larger  databases  and  the  spiraling  complexity 
of  enterprise  storage  solutions  has  increased  the  demand  for 
immediate  solutions  to  growing  storage  problems. 

That's  why  there's  BrightStor  from  Computer  Associates  (CA). 
The  most  comprehensive  family  of  storage  solutions  on  the 
market,  BrightStor  solutions  are  completely  and  totally  open. 
Which  means  that  unlike  most  vendors,  who  are  focused 
solely  on  their  individual  solutions,  BrightStor  can  bring 
multi-vendor  systems  and  environment  together  seamlessly. 

What  does  this  mean  for  you?  It  means  optimization  of 
resources  across  all  platforms  and  storage  types.  It  means  a 
greater  understanding  of  your  storage  resources  and  how  to 
best  allocate  them  to  fit  your  needs.  And  it  means  a  lower 
total  cost  of  ownership. 

Specifically,  BrightStor  provides  you  with  unparalleled  data 
protection,  real-time  data  availability,  and  the  ability  to  view, 
manage,  and  monitor  your  resources  from  a  central  location. 
And  BrightStor  is  the  only  software  of  its  kind  that 
incorporates  CA's  portal  technology —  the  leading  portal 
solution  on  the  market. 

Why  rely  on  Computer  Associates?  Because  we're  a 
completely  independent  software  company  with  over 
25  years  of  experience.  That's  how  we  got  to  be  the 
software  management  experts.  And  that's  why  99%  of 
the  Fortune  500®  rely  on  our  software. 

We  know  that  storage  is  no  longer  just  backing  up  what  you 
already  have.  It's  facilitating  integration  with  every  aspect  of 
your  entire  eBusiness.  It's  leveraging  all  of  your  existing 
capabilities  to  maximize  your  resources  enterprise-wide.  And, 
most  important,  it's  using  what  you  have  to  find  future 
opportunities  and  capitalize  on  them. 


For  everybody  else: 

Reliable  =  Good. 
Unreliable  =  Bad. 


Computer  Associates™ 


HELLO  TOMORROW1”  |  WE  ARE  COMPUTER  ASSOCIATES  |  THE  SOFTWARE  THAT  MANAGES  eBUSINESS  ”  ca.com/brightstor/storage 


©2002  Computer  Associates  International,  Inc.  (CA).  All  trademarks,  trade  names,  service  marks,  and  logos  referenced  herein  belong  to  their  respective  companies. 


IT’S  REALLY  REALLY  SMART  TO  BE  REDUNDANT. 


You  never  know  when  your  building-to-building  network  connection  will  crash.  Only  that  one  day.. .it  will.  That's  why  you 
need  backup  wireless  connectivity  from  Western  Multiplex.™  Our  fixed  wireless  solutions  protect  you  from  the  service 
breaks  that  plague  fiber  and  copper — and  with  99.999%  carrier-class  reliability.  They  provide  a  separate,  always-on  network 
connection  that  eliminates  the  need  for  expensive  additional  leased  lines.  There's  no  more  affordable  way  to  securely 
transmit  data,  voice  and  glitch-free  video  in  all  weather.  At  speeds  up  to  860  Mbps  total  capacity.  To  find  out  more,  order 
our  FREE  white  paper  today.  And  see  how  smart  wireless  redundancy  really,  really  is. 

''fit  ■■ 


For  a  free  white  paper  on  redundancy,  visit  www.wmux.com/smartredundancy  or  call  1-877-296-7000. 


THE  CAPACITY  TO  DO  GREAT  THINGS 
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Multimode  wireless  chipsets  advance 


HOW  IT  WORKS 


HiuuinnH 


Multimode  wireless  chipsets 

New  chipsets  are  being  developed  that  can  handle  multiple 
wireless  protocols,  including  Wi-Fi,  Wi-Fi5,  Bluetooth, 
HiperLAN  and  802.11g. 


Wireless  access  point  or  wireless  NIC 


Radio  frequency 
transceiver 

Frequency  converter 
transmit/receive  switch 


Analog 


Baseboard 

processor 

Data  converter 
modem 


Digital 

frames 


Media  access 
controller  (MAC) 

Security,  QoS,  flow 
control,  packet  buffer 


Digital 

packets  cpu 


The  RF  transceiver  selects  the  appro¬ 
priate  channel  and  converts  baseband 
signals  to  analog  radio  signals. 
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The  baseband  processor 
converts  analog  radio 
signals  into  digital  frames. 


© 


The  MAC  decides  when  to  transmit 
and  when  to  receive,  and  passes 
digital  packets  to  the  device's  CPU. 


■  BY  STAN  REIBLE  AND  DAVID  MACDONALD 

The  next  generation  of  wireless  net¬ 
works  will  involve  multiple  protocol 
standards,  and  a  key  consideration  is 
that  multimode  chipsets  can  handle 
them  all  simultaneously.  However,  proto¬ 
col  candidates  such  as  Wi-Fi,  Wi-Fi5, 
HiperLAN,  IEEE  802.1  lg  and  Bluetooth 
have  different  and  incompatible  operat¬ 
ing  conditions,  so  multimode  chipsets 
will  have  to  be  developed  to  ensure 
compatibility. 

A  major  problem  is  that  wireless  net¬ 
work  protocols  operate  in  different  radio 
frequency  bands.  Wi-Fi,  IEEE  802.1  lg  and 
Bluetooth  operate  in  the  2.4-  to  2.483-GHz 
frequency  band.  Wi-Fi5  and  HiperLAN 
operate  primarily  at  5.15  to  5.35  GHz.  As  a 
result,  a  transceivers  internal  RF  source 
must  be  able  to  “tune”  over  both  freq¬ 
uency  ranges  and  select  the  operating  fre¬ 
quency  channel. 

To  complicate  things,  the  Bluetooth  pro¬ 
tocol,  based  on  Frequency-Hopped  Spread 
Spectrum,  requires  1,600  frequency  hops 
per  second  over  the  regulatory-mandated 
frequency  band  using  1-MHz-instanta- 
neously  wide  frequency  channels. 

Multiple  modes  can  be  daunting 

The  Wi-Fi  protocol  relies  on  single-carri¬ 
er  modulation  to  achieve  both  1 1 M  and 
5.5M  bit/sec  data  rates.  The  Wi-Fi5  and 
HiperLAN  protocols  employ  multicarrier 
modulation  to  achieve  their  higher  54M 
bit/sec  data  rates. 

IEEE  802.1  lg  employs  Orthogonal  Fre¬ 
quency  Division  Multiplexing  (OFDM)  for 
the  54M  bit/sec  rate  and  provides  for 
Packet  Binary  Convolutional  Code  modu¬ 
lation  as  an  option  to  deliver  22M  or  33M 


bit/sec  data  rates. 

Bluetooth  relies  on  Gaussian  Frequency 
Shift  Keying  modulation  to  deliver  1M 
bit/sec  data  rates. 

Baseband  processor  to  the  rescue 

The  principal  functions  of  baseband 
processors  are  to  generate  the  frequency 
hopping  sequence,  convert  analog  signals 
into  digital  data  frames  in  the  receive 
mode,  and  vice  versa,  in  the  transmit  mode. 
In  the  receive  mode,  the  first  step  is  analog- 
to-digital  data  conversion. The  digitized  sig¬ 
nals  are  then  demodulated  by  the  base¬ 
band  processor. 

The  multimode  baseband  processor  is 
also  responsible  for  establishing  necessary 
control  functions,  including  timing  and  fre¬ 
quency  synchronization  over  the  radio  fre¬ 
quency  transceiver,  and  must  do  so  within 
the  time  allotted,  without  knowing  in 


advance  which  modulation  approach  has 
been  used  in  received  signals. 

Media  access  controller 

A  media  access  controller  (MAC)  is 
responsible  for  managing  interaction  with 
an  air  interface,  deciding  when  to  listen 
and  when  to  talk,  and  passing  error-free 
data  packets  to  a  terminal  CPU.  Because 
all  the  IEEE  802.11  standards  essentially 
are  based  on  using  the  same  MAC,  and  the 
Bluetooth  MAC  is  comparatively  simple, 
defining  a  multimode  MAC  is  not  as  chal¬ 
lenging  as  the  implementation  of  the  cor¬ 
responding  radio  frequency  transceiver 
and  baseband  processor. 

Chipset  development  challenges 

The  key  piece  in  the  design  of  a  multi- 
mode  wireless  chipset  is  the  radio  fre¬ 
quency  transceiver.The  major  functions  of 


the  radio  frequency  transceiver  are  to 
select  the  transmit/receive  channel,  con¬ 
vert  radio  signals  to  and  from  baseband 
signals,  and  perform  the  necessary  modu¬ 
lation  and  demodulation  functions. 

The  transceiver  translates  internally  gen¬ 
erated  baseband  signals  to  a  radio  fre¬ 
quency,  creating  the  desired  waveform  for 
transmission.  On  the  receive  side,  it 
removes  the  radio  frequency  carrier  from 
the  incoming  signal,  leaving  the  base¬ 
band  signals  with  the  desired  data. 

To  encompass  operation  in  all  protocols 
the  radio  frequency  transceiver  will  need 
to  have  an  radio  frequency  signal  source 
agile  enough  for  Bluetooth  and  with 
enough  spectral  purity  for  OFDM.  The 
receiver  will  need  to  have  enough  sensi¬ 
tivity,  and  the  transmitter  enough  power 
output  to  produce  adequate  range  and 
have  circuits  with  adequate  dynamic 
range  and  linearity  for  providing  IEEE 
802.11a  and  802.1  lg  operation  at  the 
intended  maximum  data  rates. 

Providing  the  processing  power  (that  is, 
a  million  instructions  per  second)  and 
speed  to  establish  protocol  mode  control 
within  the  time  allotted  without  consum¬ 
ing  excessive  battery  power  is  one  of  the 
most  challenging  requirements  of  multi- 
mode  baseband  processors. 

The  challenges  at  every  level  are  diffi¬ 
cult.  But  vendors  are  undaunted,  and  ini¬ 
tial  product  releases  have  been  forecast 
for  as  early  as  the  third  quarter. 

Reible  is  vice  president  of  Systems  and 
Architecture  at  Global  Communication 
Devices.  He  can  be  reached  at  sreible@ 
gcdchips.com.  MacDonald  is  director  of 
marketing.  He  can  be  reached  at  david.mac 
donald@gcdchips.  com. 


Dr.  Internet 


By  Steve  Blass 


Over  the  weekend,  hackers  attacked  our  FTP  site 
and  created  a  directory  with  an  illegal  name  of 
“AUX+./+/"  that  we  cannot  delete  from  the  ser¬ 
ver.  We  shut  down  the  FTP  server  for  now. 

These  are  the  log  file  entries  of  the  attack: 
wsftp70@  MSFTPSVC2  [13]MKD  test  257  0  0  0 
wsftp70@  MSFTPSVG2  [13JRNFR  test  350  0  0  0 
wsftp70@  MSFTPSVC2  [13JRNT0  AUX+./+/  250  0 
00 

How  can  we  get  rid  of  the  directory  that 


was  created? 

You  may  have  been  attacked  to  the  point  where 
need  to  do  two  things:  1)  rebuild  the  FTP  server 
from  scratch  using  clean  installation  media,  and 
2)  configure  it  to  deny  uploads  and  directory  cre¬ 
ation  commands.  You  will  find  that  you  will  keep 
getting  scanned  and  attacked  if  you  maintain  a 
public  Internet  FTP  server.  That  MSFTPSVC2 
can  create  directories  and  files  using  illegal  file 
names  means  you  have  to  be  careful  when  con¬ 


figuring  FTP  upload  services.  This  is  true  for  any 
FTP  server  program.  In  the  meantime,  you  may 
be  able  to  delete  the  directory  from  a  command 
prompt.  Otherwise,  moving  the  parent  directory 
outside  of  the  FTP  server  tree  and  copying  he  -k 
what  you  need  could  also  fix  the  immediate 
problem. 

Blass  is  a  network  architect  at 
Change@Work  in  Houston,  He  can  be  reach  £  1 
at  dr.internet@changeatwork.com. 
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Technology  Update 


GEARHEAD 
INSIDE  THE 
NETWORK 
MACHINE 


First,  a  correction  regarding  last 
week’s  column  on  XML  Schema 
Definition.  In  the  part  about  creat¬ 
ing  derived  data  types,  we  goofed.  Eagle- 
eyed  reader  Will  Wagers  wrote  to  tell  us 
of  our  error:  “Surely,  you  meant  -2  to  the 
63  to  2  to  the  63  -l?”Surely  we  did.  The 
moral  is  never  edit  by  cell  phone  while 
driving  at,  ahem,  65  mph. 

This  week  we  promised  XSD  would  get 
interesting  when  what  we  meant  was 

“even  more  interesting” _ 

So  by  now  you  should  have  a  pretty 
good  idea  of  XSD’s  primitive  (also  called 
“basic”)  and  derived  data  types.  Just  to 
make  things  even  more  gripping,  that’s 
not  all!  Oh  no,  XSD  also  has  complex 
types  that  are  derived  from  multiples 
and/or  combinations  of  primitive  and 
derived  types. 

This  example  is  borrowed  from  a  book 
we  highly  recommend:  Architecting  Web 
Services  by  William  Oellermann  Jr. 
(www.nwfusion.  com,  DocFinder:  8930). 


Mark 

Gibbs 


XSD  gets  even  more  interesting 


Oellermann  covers  a  huge  amount  of 
ground  in  this  book  in  as  easily  under¬ 
stood  a  manner  as  possible  considering 
the  inherent  complexity  of  the  subject. 

While  we’re  at  it,  we  should  mention 
another  book  that  we  rather  like  that 
attempts  to  ease  you  into  the  dark 
recesses  of  XSD  and,  indeed,  many  other 
things  XML-related  —  XML  for  the  World 
Wide  Web  by  Elizabeth  Castro  (www 
.nwfusion.com,  DocFinder:  8931). 

Castro’s  book  is  not  quite  as  detailed 
(or  as  long)  as  Oellermann’s  but  has 
more  examples  that  are  more  detailed, 
making  it  easier  to  understand  the  prin¬ 
ciples  of  XML,  XSD  and  related  tech¬ 
nologies.  We  recommend  getting  both 
books. 

So  here’s  a  complex  type  defined: 
ccomplexType  name  =  “money”  > 
<simpleContent> 

<extension  base  =“decimal”> 

<attribute  name  =  “cur¬ 
rency”  type  =  “string”  /> 

</extension> 

</simpleContent> 

</complexType> 

The  complex  type  that  we’re  defining  is 
called  “money”  and  it  is  based  on  the 
primitive  type  “decimal.”  But  we  need  to 
add  to  the  type  an  attribute  that  defines 
the  currency  —  hence  the  “extension” 


element. 

This  XSD  specification  applied  to  the  fol¬ 
lowing  XML  would  pass  validation: 

<money  currency=”USD”>123.45 
</money> 

So  far  all  we’ve  done  is  just  lightly 
scratch  the  surface  of  creating  a  schema 
using  XSD,  but  you  can  see  how  defini¬ 
tions  under  XSD  create  templates  for  vali¬ 
dating  XML  content. 

We  recommend  that  you  check  out  the 
World  Wide  Web  Consortium’s  XSD  primer 
(www.w3.org/TR/xmlschema-0/),  but  you 
might  want  to  read  either  or  both  of  our 
recommended  books  first  —  the  W3C 
stuff  is  beyond  exhaustive. 

A  helping  hand 

As  you  can  imagine,  creating  an  XSD  by 
hand  would  be  very  time-consuming  and 
error-prone,  but,  fear  not,  there  are  tools  to 
help  you  create  and  validate  XML  content 
against  XSD  specifications. 

One  of  the  most  highly  rated  XML  tool 
suites  is  XML  Spy  from  Altova  (www.xml 
spy.com).  XML  Spy  is  for  creating  and 
validating  XML  schemas,  Document 
Type  Definitions  (DTD)  and  documents. 
It  presents  you  with  an  integrated  devel¬ 
opment  environment  with  multiple 
panes  and  automatically  generates 
code  in  the  background.  You 


can  validate  XML,  DTD  and  XSD  docu¬ 
ments  using  the  built-in  incremental 
parser. 

Most  of  the  process  of  constructing 
something  like  an  XML  or  XSD  docu¬ 
ment  is  a  matter  of  drag-and-drop  and, 
where  required,  XML  Spy  can  generate 
an  Access  database  to  support  an  XML 
document. 

This  is  an  awesome  tool,  but  don’t 
underestimate  the  steep  learning  curve 
that  comes  with  such  sophistication. Then 
again,  XML  and  XSD  aren’t  for  techno¬ 
wimps  anyway 

Another  major  player  in  this  market  is 
SoftQuad  (recently  swallowed  up  by 
Corel)  with  the  XMetal  product  (http:// 
shorterlink.com/7XZCU9Y). 

XMetal  was  one  of  the  earliest  and 
most  polished  XML  editing  tools  and  the 
latest  release,  Version  3.0,  includes  XSD 
support.  We  have  yet  to  get  our  hands  on 
this  product  but  it  looks  very  promising 
(see  http://shorterlink.com/7ASYlN7  for 
a  full  feature  list). 

Be  all  that  as  it  may,  next  week  we’ll  carry 
on  with  our  tour  through  Web  services 
technology 

So  what  are  you  doing  with  Web  ser¬ 
vices?  Spill  your  content  to  gear 
head@gibbs.  com. 


Cool 

Quick  takes 
on  high-tech  toys 

By  Keith  Shaw 


ere  are  some  more  cool  things  we’ve  been  trying 
out  recently: 


IBM's  A31  ThinkPad 

We’ve  installed  lots  of  software  on  this  IBM  model, 
which  came  with  a  1.6-GHz  Mobile  Pentium  4  processor, 
integrated  802.11b  wireless,  a  DVD-ROM  drive,  large  dis¬ 
play  area  (15-inch  TFT),  256M  bytes  of  RAM,  a  40G-byte 
hard  drive  and  integrated  10/100M  bit/sec  Ethernet 
port.  All  this  and  more  for  $2,674. 

At  8.15  pounds,  we  thought  it  was  a  bit 
heavy  for  constant  road  warrior 
usage.  IBM  refers  to  the  A  series 
as  "desktop  alternatives."  We  see 
these  being  used  in  an  office 
setting  where  you’d  still  want 
to  be  occasionally  mobile 
(such  as  taking  it  home  to  fin¬ 
ish  work).  One  thing  we 
found  odd  was  the  battery 
drain  —  at  50%  battery  life, 
the  multimedia  features 
(Windows  Media  Player) 
suddenly  began  to  act  like 
we  were  playing  a  45-rpm 

Altec's  stylish  speaker  system  is  priced  right 


record  at  33  rpm  or  slower. The  normal  sound  of  the 
music  didn’t  come  back  until  we  were  at  full  charge 
again.  More  information  can  be  found  at 
www.ibm.com/products. 


Altec  Lansing's  4100  4.1  Speaker  System 

If  you’ve  got  an  office  and  really  want  to  rock 
the  house  —  and  still  be  stylish  —  the  4100 
system  can’t  be  beat.  For  only  $200,  you  get 
four  attractive  speakers  and  a  subwoofer, 
plus  a  very  sleek  wired  remote  for  increas¬ 
ing  the  volume  after  hours  for  your  gaming 
endeavors.  It’s  a  good  price  for  speakers  of  this  quality 

The  speaker  system  also  works  with  any  device  that  has 
a  3.5mm  headphone  jack,  so  it  can  be  used  with  your 
Playstation  2,  MP3  player  or  other  devices. 

Installation  was  as  easy  as  connecting  the  color-coded 
speaker  cords  to  the  base  of  the  subwoofer  and 
then  plugging  the  subwoofer  into  the 
headset  jack  of  the  computer. 
Head  to  www.nwfusion.com, 
DocFinder:  8929,  for  more  infor¬ 
mation  on  the  system. 

Laptop  stands  from 

ILapvantage 

If  you  take  your 
laptop  home  or 
you’re  on  the 
road,  two  models 
from  Lapvan- 
tage.com  may 
help.  The  $30 
Ergo  Edition  is  a 
laptop  stand  that 
raises  your  note¬ 
book  to  eye  level  to 
reduce  eyestrain,  back 


Lapvantage's  laptop  stand  could 
improve  your  ergonomics. 

pain  and  shoulder  pain  (look¬ 
ing  down  at  a  notebook  creates 
strain).  It  includes  a  cubbyhole 
in  the  back  of  the  stand  to  let 
you  store  attachments  such 
as  Universal  Serial  Bus 
hubs.  While 
the  stand  is 
not  heavy, 
the  bulk 
may  prevent  a  mobile 
worker  from  bringing  it  on  the  road. 

The  second  model  is  the  Portrait  Edition,  which  lets  you 
rotate  your  notebook  90  degrees  to  get  a  portrait  view  of 
the  screen,  giving  you  more  screen  space  for  activities 
such  as  word  processing  documents  and  Web  surfing. 
Both  editions  require  you  hook  up  an  external  keyboard 
and  mouse  to  the  laptop, so  make  sure  you  also  have  one 
of  those.  The  Portrait  Edition  comes  bundled  with 
PivotPro  6.0  software,  which  lets  the  screen  be  rotated 
into  portrait  mode. The  Ftortrait  Edition  costs  $80  with  the 
software,  or  $50  without. 

We  felt  the  Portrait  Edition, while  an  interesting  idea, lim¬ 
ited  some  of  the  things  you  could  do.  When  we  rotated 
our  laptop,  we  either  lost  the  PC  card  slot  on  one  side,  or 
the  DVD  drive  and  speaker  inputs  on  the  other  side. The 
stand  had  some  holes  on  it  that  give  you  access  to  the 
drives,  but  it  just  added  more  work  to  do  this.The  advan¬ 
tages  of  having  the  laptop  rotated  were  lost  because  of 
these  additional  steps. 

Still,  for  workers  who  need  vertical  screens,  and  where 
there’s  an  external  keyboard  and  mouse  available,  these 
are  worth  a  look. You  can  find  more  information  on  the 
stands  at  www.lapvantage.com. 


Shaw  can  be  reached  at  kshaw@nww.com 
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EDITORIAL 

John  Dix 

Getting  down 
with  the  VON 
Showdown 

There  was  some  good  back  and  forth  at  our  Network 
World  Showdown  on  IP  PBXs  at  the  Voice  on  the 
Net  conference  last  week  in  Seattle,  with  vendors 
fielding  questions  about  everything  from  system  readi¬ 
ness  to  system  architecture. 

In  the  first  segment,  representatives  from  Avaya,  Alcatel, 
Nortel, 3Com  and  Shoreline  Communications  answered 
questions  put  forward  by  yours  truly  and  co-host  Mike 
Hommer,  manager  of  lab  testing  at  Miercom.a  member 
of  the  Network  World  Global  Test  Alliance.Then  it  got  a 
little  more  feisty  in  Round  Two  when  the  vendors  got  to 
ask  each  other  questions. 

Barry  Castle, Shorelines  vice  president  of  marketing, 
asked  Nortel  why  it  was  simply  layering  IP  on  top  of  its 
existing  PBXs.“lsn’t  that  a  short-term  fix  to  hold  off  the 
market?  Like  Digital  Equipments  move  in  the  late  ’80s  to 
run  Novell  NetWare  on  the  VAX  to  slow  the  migration  to 
PCs?” 

Ouch. 

And  Alcatel’s  Rudy  Mazza,  marketing  director  of  the 
voice  launch  team,  asked  Avaya’s  representative, “If  I  want 
to  use  one  of  your  new  IP  gateways,  will  I  have  to  per¬ 
form  a  brain  transplant  on  the  Definity?”  Jorge  Blanco, 
director  of  Avaya’s  Enterprise  Telephony  strategy  and 
planning,  answered, “Yes, you  have  to  do  a  lobotomyYou 
have  to  swap  in  a  Linux-based  processor,  but  you  can 
keep  85%  of  the  cabinetry” 

And  so  it  went. 

All  this  may  have  been  falling  on  skeptical  audience 
ears,  because  in  a  presentation  earlier  that  day  Henry 
Sinnreich,an  executive  staff  member  at  WorldCom,  dis¬ 
missed  all  IP  PBXs  as  “Internet-unaware.”  He  said  the  gear 
is  centrally  controlled,  proprietary  offers  no  Web  integra¬ 
tion  and  lacks  second  sources  for  components  such  as 
phones. 

True  innovation  and  integration  can’t  be  achieved  until 
the  industry  embraces  phone  systems  based  on  Session 
Initiation  Protocol  (SIP),Sinnreich  said.  And  indeed,  the 
SIP  battle  cry  was  heard  repeatedly  throughout  the  show. 

Among  other  things, SIP  support  promises  interoperabil¬ 
ity,  lower  cost  and,  most  importantly,  extensions  to  email, 
instant  messaging  and  the  Web. The  Windows  Messenger 
bundled  into  Windows  XPfor  example,  is  based  on  SIP 
While  many  technical  and  practical  obstacles  stand  in 
the  way  of  SIP  nirvana,  many  speakers  —  even  from  the 
h  .ditional  PBX  vendors  —  agreed  that  SIP  is  the  future 
to i  converged  systems.  It  is  just  a  question  of  how  do  you 
v  ■  there  from  here  and  how  long  will  it  take. 

Those  questions  went  unanswered. 

—  John  Dix 
Editor  in  chief 
jdix@nww.com 
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Product  pros  and  cons 

Regarding  your  Buyer’s  Guide  to  network  manage¬ 
ment  software  suites  (www.nwfusion.com,  Doc- 
Finder:  8924):  We  just  finished  an  extensive  trial  of 
Entuity’s  Eye  of  the  Storm  (EOTS).The  best  feature 
of  this  product  is  how  it  helps  manage  Layer  2  —  it 
ain’t  just  another  router  tool.  EOTS  is  one  of  the 
best  switch  management  products  around. 

Also,  you  say  that  users  can  create  their  own  cus¬ 
tom  reports,  but  the  reports  in  EOTS  are  pretty  much 
canned.  But  having  said  that,  it’s  got  one  of  the  best 
graphing  interfaces  I’ve  seen,  bar  none. 

Finally  it  seems  your  reviewers  are  reluctant  to  say 
anything  negative  about  these  products.  I’ve  been  an 
administrator  of  Aprisma  Management  Tech¬ 
nologies’ Spectrum  for  about  three  years.  Why  don’t 
you  point  out  the  “hood  welded  shut”  nature  of 
Spectrum?  For  example,  an  administrator  can’t 
close  alarms  in  the  spectrum  console  —  the  only 
way  they  get  closed  is  if  the  underlying  problem  is 
resolved. 

John  Chapin 
Network  management  specialist 
Alliance  Capital 
New  York 

Thank  you  for  providing  a  midtier  network  man¬ 
agement  product  review  (“Tightly  focused  network 
management  suites,”  www.nwfusion.com,  Doc 
Finder:  8925).  It’s  common  to  see  the  “big  guys”writ- 
ten  up  —  if  only  everyone  could  afford  them  and 
the  staff  to  go  with  them!  Also,  your  choice  of  scor¬ 
ing  categories  are  right  on  target. 

Becky  Bouwman 
Vice  president 
3dB  Global 
Gaithersburg,  Md. 

E-mail  letters  to  jdix@nww.com  or  send  them  to  John  Dix,  editor  in 
chief,  Network  World,  1 1 8  Turnpike  Road,  Southborough,  MA  01772 
Please  include  phone  number  and  address  for  aerification. 


Experience  wanted 

1  am  truly  delighted  by  your  article  on  IT  internships 
(www.nwfusion.com, DocFinder: 8926). I  am  a  newly 
qualified  Cisco  Certified  Network  Associate  and  am 
studying  to  become  a  Cisco  Certified  Internetwork 
Professional.  I  am  hungry  for  experience  and  strug¬ 
gling  to  find  a  place  to  gain  it  —  offering  in  return  to 
give  away  my  energy  and  skills  for  free,  if  need  be. 

You  have  provided  soothing  balm  to  the  aching  IT 
conundrum  of  the  newly  skilled  —  no  job,  no  expe¬ 
rience;  no  experience,  no  job.  Apart  from  a  few  laud¬ 
able  initiatives,  the  concept  of  internship  is  unheard 
of  in  South  Africa,  and  it  appears  we  are  not  entirely 
unique  in  this.  Thanks  for  promoting  this  idea  to 
management  in  such  a  creative  and  proactive  way 

Vaughan  Beckerling 
Cape  Town,  South  Africa 

Gender  shouldn't  matter 

In  the  News  Bits  section  of  your  March  25  issue, 
you  announce  that  the  Internet  Engineering  Task 
Force  selected  a  woman  as  chair  of  the  Archi¬ 
tecture  Board.  You  gave  this  action  a  “halo,”  sup¬ 
posedly  because  appointing  a  woman  was  some¬ 
how  good.  Why  this  action  is  good  simply  because 
a  woman  was  chosen  escapes  me.  I  hope  she  was 
selected  for  some  level  of  her  personal  merit,  but 
your  note  only  pointed  out  that  she  was  a  woman 
and  omitted  any  reference  to  qualifications  or 
accomplishments. 

1  hope  that  the  IT  industry  will  not  follow  the  error 
of  other  groups  by  politicizing  opportunities  to  suit 
a  misconceived  social  engineering  agenda. 

»  J.  Tyler  Balance 
Syracuse,  N.Y 

Editor's  note:  While  the  briefs  section  only  allowed  for 
us  to  give  a  short  take  on  Daigle's  appointment,  a 
more  complete  review  of  her  accomplishments  is 
available  at  www.nwfusion.com,  DocFinder:  8928. 


More  online!  www.nwfusion.com  Find  out  what  readers  are  saying  about  these  and  other  topes.  DocFinder  8922 
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TECHNOLOGY  AND  GOVERNMENT 

Deb  Mielke 

The  case  for  a  technology  czar 

here  is  not  one  facet  of  U.S.  government,  business  or  the  per¬ 
il  sonal  lives  of  each  and  every  citizen  that  is  not  touched  by  tech- 
ffl  nology.  National  defense,  tax  collection,  Social  Security  and 
Medicare, and  even  our  immigration  and  electoral  systems  all  rely  on 
the  computing  platforms,  software  and  communication  networks 
and  services.  Business  executives  are  well  aware  of  their  companies’ 
reliance  on  technology  to  conduct  business-to-business  and  busi- 
ness-to-consumer  transactions  (remember  the  Y2K  scare?).  Few  of  us 
would  be  willing  to  give  up  our  home  computers,  PDAs,  telephones, 
Internet  access,  cell  phones,  cable  or  satellite  TVs  and  all  the  other 
electronic  gadgets  that  have  become  invaluable  to  meeting  our  per¬ 
sonal  and  business  commitments. 

tion  in  the  global  economy 

In  the  current  government/business  environment,  the  technology 
czar  could  address  such  cross-disciplinary  issues  as  the  economic 
benefits,  technological  innovations,  tax  implications,  financial  and 
physical  security  and  individual  privacy  questions  surrounding  the  bur¬ 
geoning  e-commerce  sector.  Or  the  czar  could  look  at  how  wireless  and 
location-based  technologies  could  be  used  not  only  to  provide  inter¬ 
esting  new  business  and  consumer  services  but  also  to  enhance  the 
capabilities  of  government  agencies  to  respond  to  emergencies  more 
rapidly.  Lastly  the  czar  could  ensure  that  the  U.S.maintains  its  leadership 
in  technology  innovation  by  ensuring  that  regulation  does  not  impede 
nor  add  intolerable  cost  to  leading-edge  products  or  services.  If  this 

The  executive 
branch  needs 
at  least  one 
point  where  tech¬ 
nology  issues 
can  be  viewed  as 
a  whole. 

But  despite  the  obvious  critical  nature  of  technology  in  our  lives  and 
its  contribution  of  more  than  15%  to  the  gross  domestic  product  (a  con¬ 
servative  estimate),  the  government’s  knowledge  of,  and  interaction 
with, this  important  sector  of  the  economy  has  been  piecemeal  at  best. 
The  executive  branch  needs  at  least  one  point  where  technology  issues 
can  be  viewed  as  a  whole. That  point  should  be  a  government  technol¬ 
ogy  czar. 

Much  like  the  recently  created  director  of  homeland  security  posi¬ 
tion,  the  technology  czar  would  serve  as  an  interdepartmental  knowl¬ 
edge  transfer  point  within  the  government,  adviser  to  the  executive 
branch  on  technology  issues  and  spokesperson  for  the  government  on 
technology  topics.  Additionally,  the  czar  would  function  as  an  industry 
advocate,  ensuring  that  U.S.  technology  maintains  its  leadership  posi- 


doesn’t  appear  to  be  a  problem  right  now,  1DC  predicts  that  U.S  com¬ 
panies,  currently  spending  $5.5  billion  on  offshore  outsourcing,  will 
spend  $17.6  billion  offshore  by  2005.  How  many  jobs  and  what  per¬ 
centage  of  venture  capital  dollars  will  follow? 

The  appointment  of  a  technology  czar  would  focus  the  efforts  of  indi¬ 
vidual  governmental  departments  and  the  industry  on  problem  resolu¬ 
tions  that  do  not  fix  one  issue  (online  privacy)  while  creating  others 
(collection  of  tax  revenue).  More  importantly  the  high-tech  czar  would 
signal  our  governments  commitment  to  the  high-tech  industry  and  its 
continuing  leadership  in  innovation  and  economic  growth. 

Mielke  is  managing  partner  ofTreillage  Network  Strategies ,  a  consul¬ 
tancy  in  McKinney ;  Texas.  She  can  be  reached  at  dmielke@attbi.com. 


INDUSTRY  COMMENTARY 

Frank  Dzubeck 


s  1  look  back  over  the  past  year,  I  see  the 
communications  industry  in  a  state  of 
l  depression,  not  recession.  The  underly¬ 
ing  factor  in  this  dismal  economic  situation  is 
lack  of  capital.  Service  providers  are  plagued 
by  bankruptcy  filings  (35  to  date)  and  re¬ 
duced  capital  expenditure  budgets.  Equip¬ 
ment  vendors,  which  are  symbiotic  with  service  providers,  are  affected 
by  the  resulting  loss  or  postponement  of  sales.  Exacerbating  the  situa¬ 
tion  is  the  general  downturn  of  the  economic  climate,  which  is  forcing 
many  companies  to  contract.This  equates  to  a  “triple  whammy”  for  an 
industry  that  already  was  seeing  aversion  to  risk. 

What  went  wrong? 

Two  years  ago  the  communications  industry  was  in  a  remarkable 
growth  phase,  creating  competitive  opportunities  for  ISPs,  competitive 
local  exchange  carriers  and  optical  backbone  interconnect  suppliers, 
among  other  businesses.  E-commerce,  e-business  and  Internet  applica¬ 
tions  fueled  the  demand  for  bandwidth.The  dot-com  craze  was  in  full 
force.  Corporate  valuations,  venture  investment,  IPOs,  and  mergers  and 
acquisitions  were  at  an  all-time  high. 

There  were  numerous  causes  for  the  industry’s  downward  spiral  — 
the  first  being  greed  and  the  expectation  of  easy  money  through 
IPOs  of  companies  that  were  “before  their  time.”The  second  reason 
for  the  decline  was  that  many  service  providers  and  equipment/soft¬ 
ware  vendors  relied  on  poor  business  cases  to  generate  profits  and 
drive  corporate  growth. The  third  reason  was  the  tendency  of  stock 
buyers  and  the  investment  community  to  follow  a  herd  mentality 
rather  than  using  common  sense.The  final  reason  was  the  coup  de 
grace  that  killed  an  industry  —  panic,  fear  and  revenge. 

How  do  we  get  out  of  this  mess? 

The  simple  answer  is  for  the  capital  industry  to  return  to  sanity  But 
that  is  not  enough.  Investors  are  looking  for  opportunities  that  promise 
a  return  on  investment  and  offer  an  exit  strategy  To  succeed,  a  business 
equation  must  link  buyers  and  vendors  with  investors.  In  the  commu¬ 
nications  industry',  this  means  bringing  together  network-based  appli- 


Turning  an  industry  around 


cations  that  drive  bandwidth  demand  from  consumers  and  companies 
of  all  sizes. The  emergence  of  streaming  video  and,  in  the  future,  grid 
computing  as  applications  seems  to  be  the  answer:  bandwidth  genera¬ 
tors  of  the  first  magnitude.  From  the  sharing  of  DVD  movies  by  con¬ 
sumers  to  the  use  of  e-learning  by  corporations  and  government, 
streaming  video  has  come  of  age.  This,  coupled  with  industry-specific 
video  applications  and  video  chat,  will  produce  ever-increasing  band¬ 
width  demand  by  consumers  and  corporations. 

If  the  applications  exist  or  soon  will  exist  to  drive  bandwidth  demand, 
then  according  to  communications  industry  philosophy,  service  pro¬ 
vider  build-out  must  occur  ahead  of  the  demand.  Here  we  run  into  the 
Catch-22  conundrum  facing  the  industry  in  2002:  the  lack  of  capital 
required  to  build  out  networks  in  expectation  of  demand.  Without  sig¬ 
nificant  capital  expenditures,  customer  bandwidth  access  and  metro¬ 
politan  backbone  bandwidth  will  not  exist  to  meet  real-time  video 
application  and  grid  computing  requirements.  Until  we  solve  this  prob¬ 
lem,  growth  will  not  return  to  the  communications  industry. 

Recently  in  Washington,  industry  executives  have  lobbied  for  the 
government  to  step  in  and  assist  the  industry  through  Universal 
Broadband  Access  initiatives  that  guarantee  broadband  access  to  all 
consumers  and  businesses  in  the  U.S. The  intent  would  be  to  add  a 
surcharge  to  all  ISP  and  broadband  connections  or  content  services 
for  universal  service.The  fund  would  be  administrated  to  let  wireline, 
wireless  and  cable  providers  build  out  their  networks  to  increase 
broadband  access. 

Whatever  the  external  stimulus,  something  must  be  done  to  return 
economic  viability  to  the  industry  in  the  eyes  of  the  capital  markets  and 
the  investment  community  The  communications  industry  cannot  get 
the  financial  traction  to  do  this  itself  without  a  return  to  the  world  of 
noncompetitive  regulated  monopolies  —  an  alternative  that  everyone 
agrees  is  not  an  answer  to  the  problem. 


To  succeed,  a 
business  equa¬ 
tion  must  link 
buyers  and 
vendors  with 
investors. 


Dzubeck  is  president  of  Communications  Network  Architects,  an 
industry  analysis  firm  in  Washington,  D.C.  He  can  be  reached  at 
fdzubeck@commnetarch.  com. 


Hard  at  work  at  the  very  heart  of  the  world's  most  demanding  and  reliable  storage 
networks,  you'll  find  McDATA  enterprise  solutions.  In  over  70  of  the  Fortune 
100, 10  of  the  15  largest  U.S.  banks,  and  9  of  the  10  top  ISPs.  We've 
leveraged  our  open  storage  networking  technology  and  fabric  management  software 
expertise  to  create  a  full  family  of  open  enterprise  solutions  —  core-to-edge. 
Day-in  and  day-out  delivering  99.999%  availability  to  some  of  the  world's  most 
prominent  companies,  we  have  the  experience  you  can  rely  on,  too.  So  go  to  our 
web  site  or  give  us  a  call.  Without  a  doubt,  we've  got  a  solution  that  fits  your  needs. 


W  Core-to-Edge 
Enterprise  Solutions 

that  sjkfn  from  the  data  center,  to  the  department  level, 

oil  the  v/ay  to  the  very  edge  of  your  enterprise. 

■ 


Core  to-Edge  Enterprise  Solutions 
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SPOTLIGHT 

How  emerging  technologies 
are  transforming  key 
vertical  industries. 


Ethernet  takes  control 
of  the  factory  floor 

eplacing  legacy  control  networks  with  industrial 
ley  and  boost  performance. 


Manufacturers  are  r 
Ethernet  to  save  money 


■  BY  CAROLYN  DUFFY  MARSAN 

Shell  Deer  Park  Refining  announced  in  February  that  it  would  spend 
$12  million  upgrading  the  automation  systems  at  its  petroleum  refinery 
outside  Houston.  By  fall,  the  refinery  —  which  can  process  340,000  bar¬ 
rels  of  crude  oil  per  day  —  will  boast  new,  cutting-edge  instrumentation 
and  controls  that  take  advantage  of  high-speed  industrial  Ethernet. 


The  Deer  Park  project  is  one  of  several  industrial 
Ethernet  deployments  launched  by  Shell  Oil  and  its 
joint  ventures.  For  example,  Shell  Oil  is  building  a  mas¬ 
sive  chemical  plant  in  the  jungle  of  Nanhai,  China,  fea¬ 
turing  the  latest  automation  technologies  including 
industrial  Ethernet. 

Industrial  Ethernet  refers  to  the  use  of  standard  Ether¬ 
net  chips,  components  and  wiring  on  manufacturing 
networks  to  replace  older,  special-purpose  protocols.  By 
deploying  the  technology  Shell  Oil  is  dramatically  reduc¬ 
ing  the  cost  of  network  hardware  used  in  its  plants.  At 
the  same  time, Shell  benefits  from  faster  performance, 
simpler  networks  and  improved  information  sharing 
between  manufacturing  and  back-office  systems. 

Shell  Oil  isn’t  alone.  A  growing  number  of  manufactur¬ 
ers  including  General  Motors,  Great  Dane  Trailers,  Wes¬ 
tern  Kentucky  Energy  and  Syncrude  Canada  are  de¬ 
ploying  industrial  Ethernet  to  control  their  machinery 

“There’s  a  tremendous  amount  of  activity  going  on  in 
industrial  Ethernet,” says  Chantal  Pblsonetti.a  vice  pres¬ 
ident  with  ARC  Advisory  Group,  a  market  research  firm 
that  specializes  in  manufacturing  automation. The  stan¬ 
dards  bodies  that  specialize  in  manufacturing  net¬ 
works  have  released  their  own  industrialized  versions 
of  Ethernet  that  integrate  with  the  older,  proprietary 
protocols  while  meeting  the  stringent  safety  and  secu¬ 
rity  requirements  of  manufacturing  environments. 

At  the  information  layer,  industrial  Ethernet  allows 
companies  to  pull  data  off  a  manufacturing  line  and 
feed  it  to  enterprise  software  such  as  asset  manage¬ 
ment  and  inventory  control  applications. This  real-time 
data  is  made  available  via  a  Web  browser  to 
anyone  in  the  company  for  remote  monitor¬ 
ing  and  diagnostic  purposes. 

The  next  step  is  for  industrial  Ethernet  to 
carry  real-time  communications  between 
controllers  of  the  sensors,  push  buttons, 
motor  starters  and  other  devices  on  manu¬ 
facturing  lines.  Instead  of  installing  three  dif¬ 
ferent  network  cards  on  each  device  to  sup¬ 
port  separate  information,  control  and 
device  networks,  a  manufacturer  can  install 
a  single  industrial  Ethernet  card,  thereby 
cutting  the  cost  and  complexity  of  its  plant 
network. 

Fblsonetti  says  most  industrial  automation 
suppliers  are  shipping  controllers  with 


Ethernet  capabilities,  whether  or  not  that  capability  is 
used.  She  projects  that  4.7  million  Ethernet-enabled  con¬ 
trollers  will  be  shipped  in  2005,  up  from  116,000  in  2000. 

“As  long  as  you  adhere  to  the  mantra  of  intelligent 
implementation,  it  makes  a  lot  of  sense  to  go  with 
industrial  Ethernet  for  control,”  Polsonetti  says. 

That’s  what  Basic  Machinery,  a  Siler  City,  N.C.,  maker 
of  manufacturing  equipment  for  the  brick  industry 
learned  when  it  began  designing  a  new  $1.7  million 
machine  for  sorting  and  stacking  bricks.The  com¬ 
pany’s  new  dehacker,  which  was  delivered  to  its  first 
customer  last  month,  uses  Ethernet  for  its  information 
and  control  systems. 

“Ethernet  gives  us  the  speed  we  need,  which  is  100 
megabits  per  second,” says  Joey  Boswell,  project  man¬ 
ager  for  control  engineering  at  Basic  Machinery 

Boswell  says  alternative  protocols  are  either  much 
slower  than  industrial  Ethernet  or  require  more  expen¬ 
sive  components  and  wiring.  Basic  Machinery  is  using 
standard,  off-the-shelf,  twisted-pair  Ethernet  cables  in  its 
dehacker,  which  weighs  32  tons  and  is  as  large  as  half 
a  football  field. 

“Where  Ethernet  really  shines  is  that  every  one  of  my 
[input/output]  devices  is  Web-enabled,  which  gives  me 
diagnostics  right  at  the  machine’s  nerve  system,” 
Boswell  says.’That’s  something  that  all  these  other  pro¬ 
prietary  bus  networks  cannot  give  you.” 

Users  can  enter  an  IP  address  for  any  of  the 
machine’s  700  I/O  systems  into  a  Web  browser  to 
access  reams  of  real-time  diagnostic  information  about 
that  device.  Boswell  says  this  feature  helped  sell  the  de¬ 
hacker  to  Pine  Hall  Brick,  of  Winston- 
Salem,  N.C.’This  is  the  first  use  of  an 
Ethernet  control  system  in  the  brick  indus- 
try”  Boswell  says. 

One  potential  stumbling  block  for  indus¬ 
trial  Ethernet  deployments  in  control  sys¬ 
tems  is  fear  of  security  breaches.The  older 
three-tiered  manufacturing  networks  — 
with  separate  information,  control  and 
device-level  communications  —  offer 
security  advantages  by  keeping  the  differ¬ 
ent  types  of  network  traffic  physically  sep¬ 
arated  from  one  another. 

Rattening  these  networks  into  a  single 
industrial  Ethernet  backbone  —  while  cut¬ 
ting  costs  dramatically  —  has  some  inher¬ 
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ent  security  risks,  experts  say 
Security  concerns  are  one  reason  that  Syncrude  is 
not  yet  deploying  industrial  Ethernet  to  control  the 
sensors  in  its  oil  mining  facility  in  Fort  McMurray,  Al¬ 
berta,  Canada.  Instead,  Syncrude  uses  industrial  Ether¬ 
net  to  pull  historical  data  off  the  control  systems  for 
use  in  its  laboratory  and  simulator.  Syncrude  mines 
500,000  tons  of  sand  per  day  to  extract  oil  for  refining. 

“We’ve  been  using  the  industrial  Ethernet  network  for 
about  four  or  five  years,”  says  Ian  Verhappen,  an  engi¬ 
neering  associate  with  Syncrude.“We  were  one  of  the 
first  adopters  of  the  technology’ 

Syncrude’s  100M  bit/sec  industrial  Ethernet  back¬ 
bone  connects  several  control  systems  to  each  other, 
but  it  isn’t  used  to  control  the  machinery.  Syncrude  has 
firewalls  set  up  between  the  control  system  and  the 
industrial  Ethernet  backbone,  and  between  the  indus¬ 
trial  Ethernet  backbone  and  the  corporate  office 
automation  network. 


!  MANUFACTURING:  AT  A  GLANCE 

The  manufacturing  industry  contributed  $1.5  trillion 
to  the  gross  domestic  product  (GDP)  in  2000, 
according  to  the  Bureau  of  Economic  Analysis. 

From  1992  through  1997,  GDP  in  manufacturing 
grew  by  5.2%  annually,  compared  with  3.1%  for  the 
economy  overall,  according  to  the  National 
Association  of  Manufacturers. 

Gartner's  2001  Spending  Survey  shows  that  the 
average  IT  budget  as  a  percentage  of  revenue  is 
2.76  for  discrete  manufacturing  in  2002.The 
percentage  for  process  manufacturing  is  1.61. 


Still, Verhappen  says  Syncrude  eventually  will  use  its 
industrial  Ethernet  backbone  for  more  applications,  if 
not  direct  control  of  machinery.  For  example,  Syncrude 
is  rolling  out  real-time  video  of  key  manufacturing 
processes  on  the  industrial  Ethernet  backbone. 

The  biggest  challenge  Basic  Machinery  and  other 
manufacturers  face  with  industrial  Ethernet  deploy¬ 
ments  is  finding  automation  engineers  familiar  with 
Ethernet,  which  traditionally  has  been  an  office  tech¬ 
nology. 

Most  deployments  of  industrial  Ethernet  are  retro¬ 
fitting  existing  machinery  vs.  the  outfitting  of  so-calied 
greenfield,  or  new,  plants.  But  that  trend  may  shift  as 
the  manufacturing  sector  pulls  itself  out  of  an  18- 
month  slump. 

“There  are  not  a  lot  of  greenfield  activities  going  on 
right  now’’ says  Doug  McEldowney  strategic  marketing 
manager  for  Rockwell  Automation  Control  and  Infor¬ 
mation  Group,  which  sells  Ethernet-enabled  informa¬ 
tion  and  control  systems.“But  that’s  where  we  believe 
the  boom  for  industrial  Ethernet  is  going  to  be."  ■ 
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Global  load  balancers  can  boost  performance 
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of  e-business  sites,  providing  customers  with  * 
a  better  experience. 
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Continental  Airlines  has 


high  flying  plans  to  expand 
its  e-business  infrastructure 


to  Europe  and  Asia  this  year, 
and  global  load  balancers 
are  playing  a  pivotal  role. 


■  says 

Andre  Gold,  direc¬ 
tor  of  Internet  engi¬ 
neering  at 
Continental,  “If  the 
it  stretching  I«l<>l>al]  load-balanc- 
i  itegies  ing  technology 
Online:  i  ^  fails,  we  fail.  Our 

entire  e-business  strategy  is  based  on 
this  technology.” 

Global  load  balancers  use  a  num¬ 
ber  of  different  techniques  to  direct 
Web  traffic  to  the  most  appropriate 
server  farm  or  data  Center,  tinlike 
server  load  balancers,  which  manage 
traffic  within  a  company,  global  load 
balancers  manage  traffic  between 
geographically  distributed  sites. 

I  he  Houston  airline  uses  two 


I.inkProof  traffic  management  appli¬ 
ances  from  Radware  to  juggle  traffic 
between  its  two  ISPs  -  WorldCom 
and  Savvis  Communications.  The 
ISPs  support  the  airline’s  busiest 
Web  sites:  those  that  provide  fre¬ 
quent  flyer  information  and  handle- 
online  booking.  The  global  load  bal¬ 
ancers  monitor  the  performance  of 
both  ISPs’  networks  and  shuttle  Web 
traffic  from  Continental  data  centers 
back  to  the  customer  through  the 
fastest  route. 

This  improves  the  efficiency 
of  Continental’s  e-commerce  site, 
which  means  customers  can  obtain 
information  or  book  a  ticket  faster 
than  before.  Gold  estimates  that  the 
performance  improvements  have  let 
Continental  shave  $20  off  the  price 
of  a  ticket. 

This  year’s  e-commerce  data  cen¬ 
ter  expansion  will  hinge,  in  large 
part,  on  an  upgrade  to  Radware’s 
Web  Server  Director-Network 
Proximity  appliances,  which  will 
give  the  airline  the  ability  to  redirect 
customers  to  the  “closest”  server 
using  a  customizable  algorithm. 
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Andre  Gold  of  Continental 
Airlines  is  counting  on 
global  load  balancers. 


How  global  load  balancers  work 


Global  load  balancers  use  proprietary  proto¬ 
cols  to  collect  information  about  the  health  of  a 
site  or  to  derive  basic  location  information,  says 
Peter  Firstbrook,  an  analyst  at  Meta  Group. 

Although  there  is  some  support  for  exchang¬ 
ing  metrics  between  global  load-balancing 
gear  using  XML,  Firstbrook  says  communica 
tions  between  devices  are  not  expected  for  a 
few  years,  so  customers  are  better  off  sticking 
with  one  vendor  for  traffic  distribution. 

Today's  global  load  balancers  divert  traffic 


using  one  or  more  of  several  techniques: 

•  Most  common  for  Internet  applications  is 
DNS  redirection,  in  which  the  global  load  bal¬ 
ancer  becomes  the  authoritative  name  server. 
In  this  scenario,  client  URL  queries  traverse 
Internet  DNSs  until  the  IP  address  of  the 
global  load  balancer  is  returned.  The  appliance 
then  gives  the  client  the  IP  address  of  the  best 
data  center. 

One  disadvantage  of  DNS  redirection  is  that  it 


is  time-sensitive.  The  appliance  might  not  have 
the  most  up-to-date  information  on  the  status  of 
each  server  or  database.  But  DNS  redirection  is 
relatively  fast  and  easy  to  deploy  and  requires 
less  system  intelligence  than  other  methods. 

•  DNS  redirection  is  often  used  in  conjunction 
with  HTTP  redirection.  This  method  sends  traffic 
to  the  most  available  site  based  on  HTTP  header 
information.  It's  also  considered  quick  to  imple¬ 
ment,  but  the  downside  is  that  it’s  only  good  for 


HTTP  traffic,  not  for  FTP  streaming,  for  example. 

•Triangulation  is  another  DNS  method  tho* 
works  when  the  client  sends  out  a  request, 
which  is  shipped  to  multiple  sites  that  contain 
the  requested  content.  The  best  available 
server  sends  back  data  the  fastest.  Radwa-  ■- 
uses  a  triangulation  method  where  the  lead 
balancer  directs  traffic  to  the  least  loaded 
site,  while  masking  that  address  with  th.-. 
address  of  the  redirecting  site. 
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Global  load  balancers  don't  solve  all  problems 

If  you  need  to  deliver  cacheable  data  more  efficiently 
and  cost-effectively  to  customers,  then  a  content  delivery' 
network  (CDN)  might  be  your  best  bet.  A  CDN  will 
reduce  the  amount  of  traffic  hitting  a  server  by  moving 
frequently  requested  content  to  the  network  s  edge,  says 
Zeus  Kerravala,  an  analyst  with  The  Yankee  Group. 

But  if  you  need  to  handle  frequent  requests  for  transac¬ 
tion  applications,  it’s  more  useful  to  balance  and  direct 
traffic  between  data  centers,  because  that  type  of  data  is 
not  easily  cached. 

Cendent  Mortgage  in  Mt.  Laurel,  N.J.,  has  100  different 
Web  sites  across  its  divisions  that  are  used  by  individuals 
seeking  mortgage  and  financial  information.  Jim  New,  an 
advanced  technical  services  specialist  at  Cendent,  says 
even  though  the  price  tag  on  Cendent 's  load  balancing 
rollout  is  about  $240,000,  the  cost  is  well  worth  it. 

“We  can  handle  about  10%  more  requests  than  we  oth¬ 
erwise  might,”  New  say's.  “We  can  also  take  down  servers 
if  necessary  to  update  them  without  affecting  availability'.” 

The  company  has  two  global  load-balancing  appliances 
from  F5  Networks,  which  both  sit  outside  the  firewall. 
The  appliances  translate  external  IP  addresses  to  an  F5 
Big-IP  controller,  which  routes  IP  traffic  to  the  best  serv¬ 
er.  Cendent  has  data  centers  in  Mt.  Laurel,  Moorestown 


Global  load  balancing  at  Continental  Airlines 

Global  load  balancers  will  direct  Web  traffic  to  the  appropriate  server 
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and  Garden  City,  N.J. 

It’s  not  always  easy  to  nail  down  specific  monetary 
figures  to  show  where  global  load  balancing  delivers  value.  But  many 
corporations  are  happy  knowing  they  have  more  control  over  what’s 
already  in  their  network. 

The  Web  servers  at  Landstar  Systems,  a  transportation  services  company, 
are  the  most  important  means  of  communicating  with  more  than  10,000 
employees  who  work  for  about  1,000  Landstar  agents. These  are  owners, 
operators  and  contractors  who  log  on  to  Landstar’s  site  each  day  to  con¬ 
duct  business. 

The  company  distributes  network  traffic  to  15  servers  in  data  centers  in 

f  Looking  ahead  1 _ 


Near-term  advances  will  focus  on  improving  each  device’s 
overall  ability  to  check  the  health  of  an  application. 

F5  Networks  plans  to  enrich  its  ability  to  control  traffic  so 
that  users  create  localized  custom  topologies.  IT  managers 
can  route  traffic  on  a  country  level,  but  soon  will  be  able  to 
drill  down  on  a  more  specific  geographical  level,  says  Jason 
Needham,  a  product  manager  at  F5. 

The  company  also  will  improve  its  “persistence”  features, 
which  control  the  ability  to  make  sure  users  who  input  data 
on  one  screen  can  be  routed  back  to  those  locations.  This  is 
particularly  important  in  a  financial  application,  when  a  cus¬ 
tomer  fills  out  an  online  credit  card  profile,  for  example.  The 
ability  to  synchronize  that  data  with  other  data  centers  in 
real  time  is  something  that  F5  will  address  this  quarter. 

Cisco  also  will  improve  the  geographic  accuracy  of  where 
content  is  best  reached  for  fastest  response.  In  particular, 
companies  will  be  able  to  update  a  database  to  identify  con¬ 
tent  that  is  cached  on  a  particular  local  device  and  not  just  at 
an  origin  server. 

But  the  next  challenge  will  occur  when  corporations  want  to 
conduct  fulfillment  activities  out  of  multiple  servers  across 
more  than  one  data  center.  That  will  make  it  necessary  to 
synchronize  databases  across  the  company,  says  Thomas 
Nolle  of  the  CIMI  Group  and  a  Network  World  columnist. 

“Most  applications  today  are  designed  to  load  balance  a 
Y?  ^  display-only  Web  server,  rather  than  really  support  load  bal- 
anced  e-commerce  where  there  is  a  transaction  and  not  just 
"■Ipj  k  cataloged  Web  page,”  Nolle  says.  "But  ultimately  the  value  of 
an  electronic  catalog  is  limited  if  you  cannot  execute  off  of  it.” 
there  is  a  lot  to  distributed  load  balancing  that  has  nothing 
to  do  with  networks  and  everything  to  do  with  the  overall 
framework  of  the  applications.  Nolle  says. 


Some  predictions  about  GLB^l 


Jacksonville,  Fla.,  and  Rockville,  Ill.,  using  two  Radware  switches  —  a  WSD- 
Distributed  Solution  to  ship  traffic  to  either  data  center,  and  a  WSD  NP,  to 
direct  traffic  to  the  closest  client. 

Patrick  Wise,  vice  president  of  e-commerce  at  Landstar  in  Jacksonville, 
says  he  has  no  statistics  to 
prove  he  is  saving 
money,  but  by  redirect¬ 
ing  traffic  to  an  under¬ 
used  Web  server,  he 
avoids  having  to  add  an 
extra  server. 

More  important  to 
Landstar  is  that  it  can 
remove  a  failed  server 
from  a  cluster  without 
customers  ever  know¬ 
ing.  Another  benefit  is 
it  lets  Landstar  see 
potential  bottlenecks. 

“We  can  manage  our 
site  better  and  control 
our  load  better,”  Wise 
says. 


2001-2002  —  The  number  of  organizations 
adding  multiple  data  centers  is  increasing  and 
by  2003,  about  70%  to  75%  of  mid-  to  top-tier 
applications  will  be  distributed  across  at  least 
two  data  centers. 

2001- 2004  —  Prices  for  load-balancing  prod¬ 
ucts  will  gradually  decline  10%  to  15%  annually. 

2002- 2003  —  Global  load  balancers  and  local 
server  load-balancing  products  will  incorpo¬ 
rate  wireless  protocols  as  growth  of  all  wire¬ 
less  access  devices  accelerates. 

Source:  Meta  Group 


Global  load  balance  bits 

•  Aside  from  F5  and  Radware,  other  players  arc  Cisco,  through  its  pur¬ 
chase  of  ArrowPoint  Communications;  Nortel,  through  its  acquisition  of 
Alteon  WebSystems;  and  Foundry  Networks. 

•  Vendors  differ  on  how  they  measure  the  capacity  of  global  load  bal¬ 
ancers.  Some  use  throughput,  others  talk  about  connections  per  second. 
The  important  thing  is  having  a  device  that  can  scale  up  to  handle  peak 
numbers  of  requests  coming  in  to  the  data  centers,  Yankee's  Kerravala 
says. 

•  Global  load-balancing  appliances  generally  sit  outside  a  network  and 
catch  requests  before  they  hit  the  firewall,  although  there  is  flexibility  in 
how  they  can  be  installed,  and  in  some  cases  they  can  sit  between  the  fire¬ 
wall  and  the  servers. 

•  Most  vendors  sell  more  than  one  box  to  handle  the  actual  load  balanc¬ 
ing  and  traffic  distribution,  although  there  are  products  that  combine  the 
functions. 

It's  not  so  important  how  a  company  chooses  to  handle  the  task  as  long 
as  the  ultimate  goal  is  achieved.  “It’s  more  important  that  Web  transactions 
are  happening  as  quickly  as  possible,”  Kerravala  says. 


Semilof  is  a  freelancer  writer  living  in  Watertown,  Mass.  She  can  be  reached  at 
rnsemilof@attbi.  corn. 
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Making  the 
most  of  your 
outgoing  BGP 
routes 


BY  GREG  GODDARD  AND  RYAN  VAUGHN 


RouteSciences  PathControl  can  help  your  data  get  to  where  its  going  faster. 
This  device  optimizes  outgoing  Border  Gateway  Protocol  routes  by  measur¬ 
ing  the  latency  across  site-to-site  Internet  connections.  Our  lab  tests  showed 
PathControl  monitors  the  delay  found  in  each  ISP  connection  network  and  then 
ensures  data  is  sent  along  the  most  available  routes.  PathControl’s  strong  performance 
in  our  tests,  easy-to-use  interface  and  extensive  set  of  BGP  features  combined  to  earn 
our  World  Class  Award. 


In  any  multihomed  Internet  environment,  the  network  router  will  receive  multiple 
routes  for  the  same  destination  network.The  BGP  routing  algorithm  computed  by  an 
Internet  router  determines  the  best  egress  route  by  comparing  default  attributes  in  a 
specific  order  for  each  route,  from  each  provider, until  a  best  path  can  be  determined. 
In  a  situation  in  which  all  the  metrics  are  identical,  the  best  path  selected  is  the  route 
with  the  lowest  BGP  router  identification  number. 

Because  BGP  does  not  take  into  account  link  congestion  or  the  difference  in  delay 
among  multiple  ISP  connections,  a  product  such  as  PathControl  increases  the  likeli¬ 
hood  that  end  users  will  get  the  best  connection  possible.  We  tested  the  14-slot  version 
of  PathControl  that  supports  up  to  10  peerings  and  found  it  will  increase  the  likelihood 
the  Internet  router  will  select  the  route  with  the  lowest  latency 

PathControl  ships  with  three  modules.The  engine  stores  live  measurements  and  runs 
the  BGP  routing  process. The  management  module  serves  up  a  Cisco-like  command¬ 
line  interface  that  lets  a  user  configure  the  other  modules.The  user  statistics  (USTAT) 
modules  measure  the  handshake  round-trip  time  (HRTT), which  is  the  time  it  takes  for 
a  host  to  complete  a  TCP  handshake. 

An  optional  reporting  module,  which  costs  $35,000,  mirrors  the  data  stored  on  the 
engine  module  and  produces  comprehensive  summary  and  trending  reports  via  a 
Java-based  front  end.  With  the  reporting  module,  a  user  can  see  which  Internet  links 
perform  the  best  over  time  and  the  percent  optimization  improvement. 

Passive  mode  lets  the  user  test  the  product  without  interfering  with  outgoing  BGP 
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What’s  the  score? 

PathControl 

Performance  30% 

4 

Configuration/Management  30% 

5 

Features  30% 

5 

Installation/Documentation  10% 

5 

TOTAL  SCORE 

4.7 

Individual  category  scores  are  based  on  a  scale  of  1  to  5.  Percentages  are  the  weight  given 
each  category  in  determining  the  total  score.  ■  Scoring  Key:  5:  Exceptional  showing  in  this 
category.  Defines  the  standard  of  excellence.  4:  Very  good  showing.  Although  there  may  be  room 
for  improvement,  this  product  was  much  better  than  the  average.  3:  Average  showing  in  this 
category.  Product  was  neither  especially  good  nor  exceptionally  bad.  2:  Below  average.  Lacked 
some  features  or  lower  performance  than  other  products  or  than  expected.  1:  Consistently  subpar, 
or  lacking  features  being  reviewed. 

routes.  In  active  mode,  the  PathControl  device  makes  decisions  regarding  outgoing 
BGP  routes  based  on  configured  parameters. 

We  tested  PathControl  using  a  network  that  simulated  peering  with  two  external  BGP 
providers  (see  How  we  did  it  at  www.nwfusion.com,  DocFinder  8827). We  introduced 
300  msec  of  latency  and  25%  frame  loss  into  the  default  BGP  preferred  path.The  Cisco 
7206  box  we  used  as  our  Internet  router  still  preferred  the  degraded  connection.  But 
PathControl  determined  that  an  alternate  route  existed  via  another  ISP 

PathControl  made  this  determination  by  measuring  the  HRTT  between  its  USTAT 
modules  and  the  end  user  across  both  ISP  connections.  PathControl  advertised  the 
preferred  route  by  adding  a  higher  weight  to  the  route  through  the  other  ISPto  the 
Cisco  7206  router.  When  the  latency  and  packet  loss  were  removed  from  the  network, 
PathControl  adjusted  the  preferred  route  back  to  the  original  default  egress  path  on 
the  Cisco  7206  router. 

In  a  multihomed  Internet  environment, one  of  the  Internet  connections  often  will  be 
more  utilized  than  others.  As  a  content  provider’s  overall  utilization  increases,  more 
load  is  placed  on  the  already  heavily  utilized  link, and  at  some  point  this  would  require 
a  bandwidth  increase. The  monthly  price  per  megabit  of  Internet  connectivity  is  very 
expensive,  so  in  a  situation  like  this  the  user  would  be  adding  bandwidth  to  one  ISP 
connection  while  the  other  ISP  connections  still  have  unused  bandwidth.  A  device  like 
PathControl,  although  it  is  very  pricey  could  be  worth  the  investment  because  it  allows 
for  even  distribution  of  outgoing  traffic  over  multiple  ISP  connections. 

For  PathControl  to  be  used  in  a  production  network,  a  small  graphic  is  placed  inside 
the  Web  page  that  an  end  user  is  trying  to  access.This  is  the  mechanism  by  which  Path- 
Control  initiates  its  HRTT  measurements.  Because  this  is  a  very  small  file,  we  found  no 
adverse  effects  to  the  network  or  the  user  by  placing  it  on  multiple  Web  pages. 

We  don’t  feel  PathControl  would  be  good  to  use  on  an  ISP  link  used  predominantly 
to  deliver  streaming  media  content.  Content  providers  that  use  third-party  distributed 
content  caches  would  need  to  make  sure  that  the  file  was  not  placed  on  any  Web  page 
that  is  to  be  cached.  If  a  caching  engine  serves  the  file,  no  request  is  generated  to  Path- 
Control,  so  no  HRTT  could  be  measured  for  route  optimization  by  PathControl.  Route- 
Science  says  it  is  working  on  a  way  to  resolve  this  issue. 

PathControl  also  includes  options  that  can  be  used  to  improve  BGP  routing  deci¬ 
sions.  We  tested  the  penalty  value,  the  Autonomous  System-padding,  the  asserted- 
routes-timeout,and  the  min-required-measurements  options.  All  worked  as  advertised. 

The  penalty  value  is  used  as  a  bias  to  control  link  selection.The  higher  the  penalty,  the 
less  likely  a  route  will  be  preferred.  Autonomous  System-padding  adds  private  Autono¬ 
mous  System  numbers  to  the  Autonomous  System-path  to  make  the  asserted  route  un¬ 
attractive  to  other  ISPs  in  case  it  is  accidentally  advertised.The  asserted-routes-timeoi  i 
values  define  how  long  PathControl  will  leave  an  asserted  route  in  the  Internet  r.  hjv  - 
if  no  measurable  traffic  has  been  received.The  min-required-measurements  detenna 
how  many  HRTT  measurements  should  be  taken  before  a  route  is  asserted. 

Other  untested  options  include  the  ability  to  change  the  outage  control.  6 np-'  ■ 

and  metric  change  threshold. 

Overall  our  tests  showed  that  PathControl  can  assist  in  monitoring,  contri  T  -  ; 
optimizing  Internet  connections.  It  also  provides  a  reliable  mechanic'  :t  fo<  •  «• 
preferred  routes  based  on  latency  measurements  and  user  configuciOii  met 
The  increase  in  egress  routing  performance  by  PathControl  can  provide  u  definite 
turn  on  investment. 

Goddard  and  Vaughn  are  network  engineers  at  the  University'  ot  Florida.  T!  y  car, 
be  reached  at  ggoddard@ufl.edu  and  rwvaughn@ufl.edu. 
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saving  time,  effort  and  money  when  you 


take  a  software  vendor  up  on  its  offer  to 
sow  its  product  across  your  network. 

In  reality, you’re  risking  your  network’s  reli¬ 
ability  when  you  nod  your  head  in  assent 
and  tell  the  vendor  to  schedule  system 
engineer  visits  to  your  sites.  When  the  sys- 
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tern  engineers  finish  the  installation,  you 
become  responsible  for  reinstalling  the 
product  when  hardware  failures  crop  up. 

Likely  very  late  on  a  Friday  night,  a  net¬ 
work  adapter  card  fails  in  one  of  your 
servers.  The  troubleshooter  called  in  to  fix 
the  problem  decides  to  replace  the  failed 
adapter  or  shift  the  computing  workload  to 
a  spare  computer.  In  either  case,  the  trou¬ 
bleshooter  spends  the  rest  of  the  night  and 
part  of  the  next  day  putting  the  computer 
back  to  work. 

If  the  troubleshooter  decides  to  shift  the 
workload  to  a  spare  computer,  the  first 
problem  occurs  when  the  documentation 
doesn’t  adequately  describe  the  necessary 
steps  to  fire  up  the  software.  The  system 
engineer  who  performed  the  original 
installation  might  have  taken  some  short¬ 
cuts  or  might  have  put  files  into  different 
directories  to  avoid  disk  space  problems. 
But  those  moves  aren’t  noted  anywhere. 

Whether  your  troubleshooter  replaces 
the  failed  network  adapter  or  switches  to 
a  spare  computer,  a  license  key  error  is 
surely  the  next  roadblock.  Intended  to 
thwart  software  piracy,  license  key  schemes 
tie  the  software  to  a  specific  media  access 
control  address,  IP  address,  digital  certifi¬ 
cate  or  parallel  port  hardware  device.  On- 
call  troubleshooters  get  to  drink  lots  of  cof¬ 
fee  while  third-shift  vendor  support  people 
try  to  generate  new  license  keys. 

When  we  evaluate  network  software  in 
the  lab,  we  resist  vendor  installation. 
Because  vendors  love  to  take  time  during 
the  installation  process  to  give  pep  talks 
about  the  product’s  features,  those  vendors 
of  otherwise  superior  products  that  don’t 
send  system  engineers  to  perform  the 
installation  are  at  an  unfair  disadvantage. 
We  want  to  experience  the  installation  pro¬ 
cedure  to  discover  how  modular  the  prod¬ 
uct  is  and  how  difficult  that  procedure  is. 
Moreover,  we  almost  always  install  the 
product  on  different  computers  to  see  how 
it  behaves  in  different  computing  environ¬ 
ments,  and  that  second  or  third  installation 
may  very  well  take  place  late  on  a  Friday 
night.  Fortunately,  when  they  learn  about 
these  subsequent  unscheduled  installa¬ 
tions,  most  vendors  forego  sending  the  sys¬ 
tem  engineer  and  just  ship  us  the  software. 

When  a  vendor  says  your  software  pur¬ 
chase  includes  installation.avoid  the  temp¬ 
tation  to  say  “Just  let  me  know  when  it’s  fin¬ 
ished.”  Make  sure  you  oversee  the  installa¬ 
tion  procedure, and  plan  to  carry  out  a  fire 
drill  to  ensure  you  can  reinstall  the  product 
when  necessary.  Under  no  circumstances 
should  you  let  the  vendor’s  system  engi¬ 
neer  leave  your  office  before  your  staff 
clearly  understands  the  procedure  for  gen¬ 
erating  new  license  keys  or  otherwise  get¬ 
ting  the  software  back  up  to  speed  if  a  net¬ 
work  adapter  or  entire  computer  fails  late 
on  a  Friday  night. 

Nance,  a  software  developer  and  consul¬ 
tant  for  29  years,  is  the  author  of 
Introduction  to  Networking,  4th  Edition 
and  Client/Server  LAN  Programming.  He 
can  be  reached  at  barryn@erols.com. 
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Technology  Leaders  Answer  To  You 


STATE  OF  SECURITY: 


GUIDING  YOUR 
WAY  TOWARD  A 


A 


Connect  With  Industry  Experts  As 
They  Provide  Real  World  Advice 
On  Network  Security. 

In  one  da/  discover  the  latest  products,  services  and 
information  regarding  network  security.  Topics  include: 

■  Integrating  and  managing  disparate  security  devices 

■  Where  privacy  and  accountability  fit  into  your  network 
security  plan 

The  risks  and  rewards  of  integrating  PKI 

■  The  pros  and  cons  of  VPNs 


■  Securely  linking  wireless  technologies  into  your  network 


Coming  To  A  City  Near  You. 
Don’t  Miss  Out! 


Join  industry  leaders  Joel  Snyder, 
PhD  and  senior  partner  of  Opus 
One,  and  Sandra  Gittlen,  events 
editor  of  Network  World  for  a 


technical  event  that  focuses  on  the  next  level  of 
enterprise  security. 


To  sponsor  this  premier  Network  World  Town  Meeting  or  if 
you  are  interested  in  on-site  training  for  your  company,  contact 
Andrea  D’Amato  at  508-490-6520  or  adamato@nww.com. 


May  22 
May  23 
June  4 
June  5 
June  19 
June  20 


Dallas,TX 

Chicago,  IL 

New  York,  NY 

Boston,  MA 

San  Francisco,  CA 

Los  Angeles,  CA  (Irvine) 


This  event  is  intended  for  IT  professionals  currently  involved 
in  the  evaluation  and  purchase  of  security  products  and 
services.  Seating  is  limited  to  non-IT  professionals.  Network 
World  reserves  the  right  to  determine  total  audience  profile. 


VNUS!  Register  now  using  your  VIP  code:  SEC1  at  www.networkworld.com/events/security 


or  call  800-643-4668  and  have  the  chance  to  win  a  $200  American  Express  Gift  Cheque. 
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■  CAREER  DEVELOPMENT 

■  PROJECT  MANAGEMENT 

■  BUSINESS  JUSTIFICATION 


How  safe  is  your  data  center? 

Follow  these  tips  to  prevent  your  IT  staffers  from  being  injured. 


Sounds  like  a  nightmare?  It’s  a  reality  for 
some  IT  professionals  who  work  at  a  data 
center  visited  by  Rob  Snevely  a  data  center 
design  expert  with  Sun.  When  Snevely 
asked  why  the  floor  was  raised  so  high  from 
the  ground,  he  was  told  it  gave  workers 
enough  space  to  crawl  underneath  and  lo¬ 
cate  troublesome  cables  “I  consider  having 
to  work  in  an  environment  like  that  haz¬ 
ardous,”  he  says. 

Have  you  ever  tripped  over  an  old  and 
buckled  floor  tile?  Ever  stepped  into  a  hole 
where  a  floor  tile  had  been  lifted  up?  Here 
are  some  tips  for  avoiding  possible  data 
center  mishaps. 


■  BY  LINDA  LEUNG 

Imagine  being  in  a  dark  room  with  a  ceiling  less  than  5  feet  high.  A 
maze  of  network  cables,  electrical  outlets  and  power  conduits  cov¬ 
ers  the  floor,  and  steel  posts  run  every  two  feet.  You’re  crouched 
down  or  crawling  on  your  hands  and  knees,  and  your  back  aches 
from  trying  to  avoid  hitting  your 
head  or  smashing  into  the 
posts.  Fast  air  currents  air  are 
blowing  on  you  from  any  num¬ 
ber  of  directions. 


engineering  data  center  in  Phlo  Alto,  where 
performance  tests  are  carried  out.The  local 
authorities  there  dictate  that  Sun  should 
not  solely  depend  on  its  FM200  gas-based 
fire  suppressant  system,  so  the  company 
also  has  installed  a  sprinkler  system. 

FM200  should  be  kept  in  canisters  in 
the  mechanical  room  ready 


Fire  prevention 

Snevely  says  common  sources  of  fires  in 
data  centers  are  electrical  systems  or  hard¬ 
ware.  However,  he  says, “It  is  far  more  likely 
that  very  bad  practices  are  the  causes  of 
the  fires.  There  have  been  examples  where 
people  were  smoking  in  a  data  center  — 
never,  ever  do  this. 

“1  know  of  one  example  where  highly 
combustible  chemicals  were 
stored  in  the  data  center,  as 
someone  thought  it  was  the 
most  secure,  and  therefore 
safest,  room  in  the  build¬ 
ing,”  he  says. 

In  addition  to  having  a  no¬ 
smoking  policy,  keeping 
aisles  clear  and  checking 
that  ventilation  systems  are 
debris-free,  companies 
should  comply  with  the 
National  Fire  Protection 
Association  (NFPA)  75  stan¬ 


dard  for  the  protection  of  electronic  com¬ 
puter/data  processing  equipment,  plus  the 
general  NFPA  1  fire  protection  code  2000. 
NFPA  75  defines  the  use  of  fire  detec¬ 
tion  systems  and  extinguishers  in 
computer  rooms  and  offers  guid¬ 
ance  on  topics  such  as  disaster 
response  plans;  heating,  ventila¬ 
tion  and  air  conditioning 
(HVAC)  systems;  and  require¬ 
ments  for  raised  floors.  But  it’s 
important  to  note  that  each 
jurisdiction  differs  in  its  inter¬ 
pretation  of  the  codes,  so  you 
should  check  with  your  build¬ 
ing  authorities  on  how  to  adopt 
these  standards. 

Sun  has  a  10,000square-foot 


More  online! 

Find  an  assortment  of 
workplace  safety  tips. 

Docfinder  8927 


to  be  piped  into  the  data  center  through 
the  ceiling  or  raised  floor.  It  also  should  be 
deployed  before  any  water-based  system. 

Data  centers  should  have  emergency 
power-off  switches  near  doorways  that  can 
be  manually  or  automatically  activated,  not 
only  when  a  potential  fire  risk  is  detected, 
but  also  in  an  electrical  emergency 

What’s  more,  companies  should  have  pro¬ 
cedures  covering  when  to  activate  emer¬ 
gency  resources  and  evacuate  personnel 
in  the  event  of  a  fire.  Sun’s  data  center 
has  visual  sirens  that  circulate  light 
beams  around  the  room  to  notify  all  staff 
of  an  emergency. 


Data  center  layout 

Sun  recommends  that  the  temperature  in 


data  centers  should  be  72  degrees  Fahren¬ 
heit  with  humidity  at  45%.  If  the  air  is  too 
dry  the  risk  of  electrostatic  discharge  is  in¬ 
creased,  and  if  it’s  too  moist,  there’s  the  risk 
of  erosion  of  the  equipment. 

Keep  an  aisle  of  32  inches  between  rows 
of  systems,  with  each  row  measuring  12  to 
16  feet  wide,  to  use  as  emergency  exits. 

To  prevent  floor  tiles  from  buckling 
under  the  weight  of  computer  systems, 
try  using  cast  aluminum  tiles  that  can 
handle  weight  of  1,750  pounds,  even 
when  perforated. 

When  lifting  floor  tiles,  always  use  lifting 
devices,  such  as  those  with  two  suction 
cups,  and  not  your  fingernails.  If  you  have 
to  leave  parts  of  the  floor  uncovered,  use 
cones  to  mark  clearly  the  area  that  is  open. 

Consider  seismic  bracing  for  equipment 
and  shelving  if  your  data  center  is  located 
in  an  at-risk  area,  particularly  if  your  data 
center  is  above  the  first  floor. 

When  the  6.9  magnitude  Loma  Prieta 
earthquake  struck  California  in  1989, 
Snevely  was  working  in  a  building  in  Palo 
Alto,  45  miles  away  from  the  epicenter  near 
Santa  Cruz.  Computers  on  the  first  floor 
moved  a  few  feet,  but  the  machines  on  the 
fifth  floor  moved  20  feet. 

Working  conditions 

Snevely  says  it  is  best  to  have  at  least  two 
trained  first-aid  personnel  during  each 
shift,  so  if  one  is  injured,  the  other  is  on 
hand  to  help  in  emergencies.“lt  is  a  good 
idea  to  have  a  first-aid  kit  either  in  the  stag¬ 
ing  area  [usually  a  room  adjacent  to  the 
data  center]  or  control  center,”  he  says. 

Noise  in  data  centers  shouldn’t  present 
a  huge  problem  for  employees  if  the 
sound  is  lower  than  85  decibels.  If  the 
continuous  noise  level  is  higher,  the  U.S. 
Occupational  Safety  and  Health  Admini¬ 
stration  requires  that  ear  protection  be 
worn.  Individual  states  may  have  stricter 
requirements. 

You  can  reduce  noise  by  keeping 
mechanical  equipment,  such  as  HVAC 
units,  in  a  separate  room,  and  by  building 
walls  sound-absorbent  materials. 

Finally,  Snevely  has  some  advice  for 
companies  that  like  to  send  data  center 
personnel  underneath  raised  floors  to  lo¬ 
cate  troublesome  cables  —  “color-code 
both  ends  of  cables  so  they  are  easier  to 
locate.”  ■ 
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You  asked  for  a  KVM  switch  that  could  do  more.  We  delivered. 

The  Avocent  DS  Series  combines  analog  and  KVM  over  IP™  connectivity  to  give  you 
access  to  your  servers  from  any  location  you  choose.  Our  DS  Series  gives  you  much 
more  than  just  control  of  your  servers.  Now  you  can  use  the  power  of  IP  to  control 
servers,  routers,  firewalls  and  power  devices  -  all  from  a  single  screen!  Plus,  CAT  5 
connections  simplify  installation,  and  our  IP  architecture  makes  adding  servers  as 
easy  as  point  and  click. 

To  learn  how  Avocent  can  deliver  for  you,  download  a  free  KVM  Tech 
Guide  today  at  www.kvmguide.com  and  see  how  much  more  Avocent's 

DS  Series  can  do. 

Avooant,  the  Avooork  logo, 'The  Rower  ot  Bong  There",  “KVM  over  IP1'  and  DSView  are  trademarks  of  Avocent  Corporation.  Al  other  marks  are 
the  property  ol  ther  respective  owners.  Copyright  C  2002  Avocent  Corporation. 


DSView  gives  you  "Click  and  Connect" 
access  and  control  of  all  the  KVM  and  serial 
devices  in  your  data  center. 
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Equinox  Dial  Access 
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Provide  4  or  8  V.90/V.34  data  and  fax  modems 
in  one  easily-installed  easily-configured  adapter. 

•4  or  8-port  adapters 
•Scalable  to  32  ports  per  server 
•Lowest  CPU  utilization 
•Installs  in  minutes 
•Requires  no  interrupts* 

(Saapo©  da? 

Equinox  Multi-modem  Adapters  provide 
up  to  44%  savings  over  the  leading 
competitors  of  similar  products. 

Call  1-800-275-3500,  ext  615 
for  a  FREE  30-day  evaluation! 
or  Email:  sales@equinox.com 
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SST-MM8P  PCI 

Fax  server 
Dial  access 
Data  collection 
Modem  pooling 
Internet  access 


more  infomation  on  Equinox  products  visit  our  website  at  -  www.equinox.com 
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WHAT  DO... 


^  Princeton  University _ 

^The  US  Treasury  Department _ 

^The  Demssratic  National  Committee 

^  The  UCLA  Medical  Center _ 


have  in  common? 


They  all  chose  FASTLINKS  to  handle 
their  needs  for  wireless  WAN  connectivity. 


Call  FAST  LINKS  today 
and  see  what  sets  them  apart 
from  others  in  the  field  of 
wireless  integration. 

pil  Ofl  |^|  1^0  www.wirelesswans.com 
r/ld  I  LIN  VVw  (877)  877-0176  toll  free 


Remove  from  box. 

Insert  Cat  5  cable. 
Manage  100’s  of  servers. 

Paragon®,  the  award-winning  family  of  server 
management  systems  perfectly  suited  for  today's 
large-scale  data  centers.  Paragon's  distributed, 
scalable  architecture  enables  secure  out-of-band 
access  to  hundreds,  even  thousands  of  servers  via 
convenient  Category  5  UTP  cable,  supporting 
distances  up  to  f  ,000  feet  between  users  and  servers. 
Now  available  in  2-user,  4-user  and  8-user  models, 
and  scalable  to  32  users. 

Paragon  +  TeleReach "  combines  this  enterprise- 
class  KVM  technology  with  the  fastest,  most  reliable 
and  secure  way  to  gain  remote  access  to  all  your 
servers,  anywhere,  anytime  via  the  Internet,  LAN/WAN 
or  dial-up  modem.  The  complete,  hassle-free  server 
management  solution,  and  winner  of  Network 
Computing's  Editor's  Choice. 

Paragon-Centric  Solutions.  The  core  technologies 
built  into  Paragon  enable  access  to  all  devices  in  the 
data  center  from  one  or  more  central  locations.  Visit 
www.raritan.com  and  click  on  "Paragon-Centric 
Solutions”  for  more  information. 

Intelligent  KVM  Switch  Technology. 


^Raritan. 

www.raritan.com 

800-724-8090 

Raritan  and  Paragon  are  registered  trademarks  ot  Raritan  Computer,  Inc. 


Yep,  actual  size  (1U)  8  users-  32  servers 
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UPS  Cables  and 


High  Availability  Made  Easy  *****  . . . . 

As  a  leading  supplier  of  end-to-end  UPS  power,  thermal  cooling  and  management  solutions,  BuyUptime.com 
can  accommodate  the  level  of  availability  many  customers  have  come  to  require.  Join  us  today  and  let 
BuyUptime  be  your  one-stop  shop  for  high  availability  solutions. 

(  NetworkAIR  RM  Air  Distribution  Unit 

Put  cooling  right  where  you  need  it  - 

in  the  enclosure! 

This  unique,  2U,  rack-mounted  fan  tray  works  with  existing  preci¬ 
sion  air  conditioning  systems  to  deliver  additional  cool  air  to 
rack-enclosed  equipment.  Install  this  unit  at  the  bottom  of  your 
enclosure  and  the  unit's  dual  fan  system  will  pull  cool  air  up 
from  the  raised  floor,  directly  cooling  your 
equipment,  thereby  eliminating  localized  hot  spots. 


Benefits  Include: 

■  Provides  the  additional  airflow 
needed  to  cool  densely 
packed  enclosures 

■  Dual  fans  provide  an  air  pattern  that  equalizes  airflow 
to  the  top  and  bottom  of  your  rack  equipment 

■  Enhances  air  quality  to  equipment  by  providing  30% 
efficient  filtration 

■  Fits  most  leading  enclosure  designs 


BuyUptime.com 

Your  One-Stop  Shop  for  High  Availability  Products 


www.  buyuptime.  com 


UPS  Management 


UPS  Management 
_ Software 


UPS  Replacement 


FREE  CATALOG! 

To  see  our  complete  selection  of  high  availability 
solutions,  order  your  FREE  Buyllptime.com  catalog. 

Call  Toll  Free  888-288-8843 

or  visit  us  on  the  Web  -  www.buyuptime.com 


For  special  pricing  go  to: 

http://promo.buyuptime.com  and  enter  Key  Code  e513y 

©2002  Systems  Enhancement  Corp.  All  Trademarks  are  the  property  of  their  owners. 
Call:  888-288-8843  •  Fax:  (877)  411-2080  •  E-ma\\:customerservice@buyuptime.com 
801  Corporate  Centre  Drive,  St.  Charles,  MO  63304  •  BY2A1  EP-USc 
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$  telnet  onella 
Trying  192. 168. 100. 137... 

Connect ion  to  onella. 

Escape  character  is  ,A]', 

PORT  AND  ACCESS  SETUP  MENU 

1)  Change  first  TCP/IP  port  [1024] 

2)  Change  first  TCP/IP  port  [1024] 

3)  Change  first  TCP/IP  port  [1024] 

4)  Change  first  TCP/IP  port  [1024] 

5)  Quit 

[  NOTE:  You  currently  have  unsaved  modifications  ] 
Enter  an  action  (1/2/3/4/5)  [5]:  | 
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Driven  by 


Enterprise-level  Redundancy, 
Availability,  Scalability  and 
Security  at  $100  per  Port 
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RTS  Console  Access  lerminal  Server 


You  can  administer  and  access  any  number  of  consoles  from  a  single  interface. 

You  can  perform  remote  real-time  monitoring  and  delegated  administration  with 
the  SSL-protected  JavatmGUI. 

Test  Drive  an  RTS  online  at  http://admc.com/testdrive 

Term  Master  Copyright  2002  Axis  Data  Management  Corp.  Java  and  alt  Java-based  marks  are  trademarks  or  registered  trademarks  of  Sun  Microsystems,  Inc.  in  the  U  S  and  other  countries 
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Security 


Firewall  Appliances 


ICSA  Certified 

Box 

System  Software 

Features  include: 

•  High  Performance 

•  Built-in  IPsec  VPN 

•  Stateful  Packet  Inspection 

•  Dynamic  &  Static  NAT 

•  PPP  and  PPPoE  Support 

•  DHCP  Services 

•  DNS  Server 

•  Mobile  VPN  Client  Support 

•  Content  Filtering 

•  Gigabit  Ethernet 

•  Secure  Remote  Management 

•  Email  Proxy 

Sales:  (800)  775-4GTA 
Tel:  (407)  380-0220 
Email:  info@gta.com 
Web:  http://www.gta.com 


RoBoX  Firewall 

Remote  office/branch  office  versatile  firewall 
appliance  for  offices  with  fewer  users. 


GB-1000  Firewall/VPN  Appliance 

High  performance,  firewall  with  unlimited  user 
license,  IPSec  VPN  and  High  Availablity  feature. 


Firewall  Software  Systems 


GB-  Flash 

All  the  power  and  functionality  of  the  GB-1000  on  an  easy  to 
install,  solid-state  flash  memory  module. 

GNAT  Box  Pro 

Simple,  powerful,  high  value  firewall  that  runs  and  boots  from  a 
floppy  diskette  on  a  486  CPU  (or  higher)  and  1 6MB  of  RAM 


Global  Technology  Associates,  Inc. 

Firewall  developers  since  1994 
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FROM  ANYWHERE 


Server  Am 


. 


The  UltraLink  is  the  Rose  Electronics  answer  to 
Modem  and  Ethernet  remote  access! 

Server  access  over  IP  technology  allows  you  to 
access,  control  and  provide  computer 
maintenance  from  anywhere  in  the  world.  When 
combined  with  Rose  KVM  switch  technology, 
server  management  administrators  can  have 
faster  access  saving  time  and  money. 


USA  CANADA  ENGLAND  FRANCE  GERMANY  .  BENELUX  .  AUSTRALIA  SINGAPORE 


Rose  Electronics 

10707  Standiff  Rd. 
Houston,  Texas  77099 

281-933-7673 


800-333-9343 


WWW.ROSE.COM 


With  dial-in,  dial-back  security  and  high- 
resolution  quad  screen  and  SSL  encryption,  the 
UltraLink  raises  the  KVM  industry  bar  in  remote 
server  access. 


A  KVM  industry  pioneer,  Rose  Electronics  is 
recognized  for  superior  KVM  switch  technology 
Product  integrity,  simplicity,  and  reliability  are 
the  hallmarks  of  all  Rose  products. 


Call  Rose  to  learn  more  about  remote  s~'  >  •  r 
management  today. 


,  fi 


JgkROSE  | 

ELECTRONICS 

. .  j 


Access  Your  Network  Equipment  from  Anywhere 


Telnet  and  Dial-Up  Console/AUX  Port  Switch 


Telnet  and  Dial-Up  Network  Power  Switch 


Cost  Effective  Terminal  Server  Alternative 


Reboot  Locked-up  Equipment 


10Base-T  Ethernet  Interface 


RS232  Ports 


Console  Management  Switch  (CMS)  ) 


8, 16  or  32  RS232  DB-9  Serial  Ports 
Simultaneous  Telnet  Sessions 
Non-Connect  Port  Buffering  -  32K 
IP  Security  Features 

Modem  Auto-Setup  Command 
Strings  (User  Definable) 

NEBS  3  Approved 


REMOTE  /CMINISrWQCR 


LOCAL  TERMINAL 


Individually  Controlled  Outlet  Rugs  (8) 


lOBase-T  Ethernet 
Interface 


19”  Rack  Brackets 
Allow  Front,  Back, 
or  Center  Mounting 


Dual  15  Amp 
Power  Circuits 


Local  RS232  Console  Port 


Modem  Port  for 
Out-of-Band  Management 


(  Network  Power  Switch  (NPSp 

8  Individual  Outlets  •  Outlet-Specific  Password  Security 

On/Off/Reboot  Switching  •  Network  Security  Features 

Integral  1 0Base-T  Interface  •  1 1 5-VAC  (230-VAC  available) 
Co-Location  Features  •  Power-Up  Sequencing 


□ 
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western  telematic  incorporated 

5  Sterling  •  Irvine  •  California  •  92618-2517 


www.wti.com 


See  us  at  Networld+lnterop,  Booth  #8526 


(800)  854-7226 

Keeping  the  Net. .Working! 


There  Is  A  Better  Way  To  Troubleshoot  &  Manage  Your  Network 


OBSERVER' 


OBSERVER 

SUITE 


Quickly 


Prevent 


Expert  Observer 

bserver  Suite 
$3995 


Observer® — Quickly  identifies  network 
trouble  spots  and  costs  thousands  less  than 
expensive  hardware-based  analyzers. 
Observer  provides  metrics,  capture,  and 
trending  for  both  shared  and  switched 
environments. 

•  Full  packet  capture  and  decode  for  over 
500  protocols,  including  TCP/IP  (v4  &  v6), 
NetBIOS/NetBEUI,  XolP,  SNA,  SQL,  IPX/SPX, 
Appletalk  and  many,  many  more! 

•  Switched  mode  sees  all  ports  on  a  switch 
gathering  statistics  from  an  entire  switch  or 
capture/statistics  from  any  port(s) 

•  Long-term  network  trending  collects 
statistical  data  for  days,  weeks,  months, 
even  years 

•  Real-time  statistics  include  Top  Talkers, 
Bandwidth,  Protocol  Statistics,  and 
Efficiency  History 

•  Ethernet  (10/100/Gigabit),  Token  Ring, 
FDDI,  and  Wireless  802. 1 1 — no  need  to 
purchase  separate  tools 


•  Windows ®  98/Me/NT/2000/XP  compatible 

•  Over  4,000  frame  types  recognized 

Expert  Observer — Identifies  problems  and 
provides  Expert  information  in  plain  English. 

Includes  all  of  the  features  of  Observer  plus 
real-time  and  post-capture  expert  event 
identification  and  analysis — new  SQL  and 
Frame  Relay  experts  add  to  the  many  other 
protocols  covered,  time  synchronization 
technology,  and  modeling  of  network  traffic. 

Observer  Suite — The  ultimate  tool  for 
the  most  demanding  power  user. 

Provides  a  full  complement  of  tools  that 
includes  all  of  the  features  of  Expert 
Observer  plus  SNMP  management,  RMON 
console/Probe  and  Web  reporting.  Includes 
one  remote  Probe. 

If  you  have  any  network  problems,  find 
out  the  cause  with  Observer,  Expert 
Observer,  or  Observer  Suite. 


Call  800-526-7919  or  visit  us  online  for  a  full-featured  evaluation: 

www.NETWORKINSTRUMENTS.com 

US  (952)  932-9899  •  Fax  (952)  932-9545  •  UK  &  Europe  +44  (0)  1959  569880  •  Fax  +44  (0)  1959  569881 


NETWORK 

INSTRUMENTS 


©2002  Network  Instruments,  LLC.  Observer,  “Network  Instruments”  and  the  “N  with  a  dot”  logo  are  registered  trademarks  of  Network  Instruments,  LLC. 
All  other  trademarks  are  property  of  their  respective  owners. 


RACK  MOUNT  TFT  DISPLAYS 

We  provide  the  solutions  for  your  rack  mount  display 
requirements  with  our  innovative  TFT  product  line. 


KEYBOARD,  TOUCHPAD  AND  TRACKBALL  OPTIONS 
1 U,  2U  AND  PANEL  MOUNTED  CONFIGURATIONS 
12.1”,  13.3”,  15”  AND  17"  TFT  DISPLAY  SIZES 

Contact  us  for  more  information. 

www.recortec.com  1-800-729-7654  info@recortec  .com 

)ET  Proudly  manufactured  in  the  U.S.A.  by  §5 

RECORTEC,  INC. 

1620-A  Berryessa  Road  San  Jose,  Ca  95133  Tel:  (408)  928-1480  Fax:  (408)  729-3661 


Authorized  Reseller 

Buy  Sell  Lease  Repair 

New  Refurbished  Used 

Routers  Nortel  DSU/CSUs 

Switches  Memory  3Com 

Hubs  ISDN 

1  877  231  2451 


www.wdpi.com 

Email:  cisco6@wdpi.com 


Cisco  Systems 


.m  i . .  hi. 


Rhki.uk 


If  you’re  responsible  for  safeguarding  your 
organization's  intellectual  assets  and  enterprise 
netw  orks,  SilentRunner  is  your  next  step  in 
security  technology.  Our  patented  Netw  ork 
Security  Analysis  products  provide  you  the  abil¬ 
ity  to  cost-effectively  safeguard  your  electronic 
properly  by  correlating  remote  and  internal 
communications  and  data  into  critical  decision¬ 
making  information. 

SilentRunner  s  state-of-the-art  visualization 
technology  further  empowers  oiganizations  to 
solve  complex  problems  by  expediting  network 
security  and  network  management  decision¬ 
making  efforts. 


Information  Rules.  Protect  Yours 
For  your  free  "Risk  Management 
&  Security"  White  Paper,  visit 
www.silentrunner.com,  or  call 
800-842-2366  ext  2  today. 


SilentRunner 

www.silentrunner.com 

849  International  Drive  •  Linthicum,  Md  21090  •  800-842-2366 


Seeking  Solutions  ...NTI  Has  The  Answers! 

BREAKTHROUGH 
CAT5  KVM 
EXTENDER 


“I  need  to  extend  control  & 
protect  my  computers  from 
hazardous  conditions.” 


i*  • 


MUSs 


■  Allows  one  keyboard, 
monitor  &  mouse  to  be 
placed  up  to  575  feet 
from  the  computer  or 
NTI  KVM  switch  using 
in-house  Cat5  phone 
wiring. 

■  Available  in  both  KVM 
and  Video  Only  models. 

■  Compatible  with  PC, 
SUN  &  MAC  computers 
as  well  as  all  NTI  KVM 
switches. 


■  Crisp  &  clear 
1 280x1024  resolution 


ST-C5-KVM  (Local  and  Remote  Unit) 

UNIVERSAL  CAT5 


BUY  ONLINE  at  www.nti1.com 


Phone:  800-742-8324 


Email:  sales@nti1.com 

CAT5  KVM  SOLlfT 


1275  Danner  Drive  *  Ayr K 
330-562-7070  *  FAX:  S-W 


fc*  1  ’  ?S 


its  a 

HO  brainerj 


jPtay  Less  Get  Afore 


Phone:  800-439-8558  or  718-894-7500 

56-29  56th  Drive,  Maspeth ,  NY  1 1 378  USA  Fax:  718-894-1 573 


»  Cisco  Systems  ■  Extreme  Networks 
■  Juniper  Networks  ■  Foundry  Networks 

www.digitalwarehouse.com 

digital 

Your  Information  Superhighway  Discount  Source ® 


Nortel  Networks 
Lucent  Technology 
Alcatel 

Riverstone  Networks 


Increase  Your  Exposure  with 
NetworitWorid's 
Response  Cards! 

Issue  Date:  July  15 
Ad  Close:  June  10 


N^RTELnetworks 


Cisco  Srtim 


CaBL^I^P  ^  Bay  Networks 


BROWSING  THE  AUCTIONS? 
Consider  Wliat  You  Get: 

National  LAN  Exchange  Auctions 


•  Nortel  Service  Contracts 

•  Nortel  Service  Renewals 

•  Next-Day  Hardware 
Replacement 

•  Free  Technical  Support 

•  One  Year  Warranties 

•  New  and  Used  Equipment 

•  Hundreds  of  Pieces 
in  Stock 

•  DesigrVlnstal  Services 

•  Fast  Overnight  Delivery 


•  No  Service  Contracts 

•  No  Service  Renewals 

•  No  Replacements, 

No  Guarantees 

•  No  Support 

•  No  Warranties 

•  Who  Knows? 

•  Sometimes  Available, 
Sometimes  Not 

•  No  Services 

•  Inconsistent  Delivery 


Make  the  Smart  Choice 


www.NLE.com 
New/Used  •  Buy 'Sell 
National  LAN  Exchange 


888-8LANWAN 

(888-852-6926) 


The  Hub  of  the  Hetwork  Buy 


Be  a  part  of  Network  World's 
SuperComm  Planning  Guide 

Issue:  May  27 


If  your  company  is  planning  to  exhibit  at 
SuperComm  in  Atlanta,  then  Network 
World's  Planning  Guide  is  a  must! 

Get  extra  exposure  in  this  pre-show/planning 
guide  issue  and  pave  the  way  for  increased 
traffic  at  your  booth.  Plus,  receive  bonus 
coverage  on  an  outsert  under  the  belly  band 
of  the  SuperComm  June  3  "Show"  issue. 


Call  your  sales  rep 
for  details  or 
EMAIL: 

directresponse@nww.com 

TEL: 

800-622-1108  ext.  6507 

FAX: 

508-460-1192 


Training 

(813)  925-0700 
j  www.bosontraining.com 
j  CCIE,  CCNP,  CSS1,  CCNA,  Cisco 
wireless,  CISSP 


T  PMG  NetAnalyst 

1  (800)  645-8486 
|  www.NetworkTraining.com 
Network  Forensic  Analysis  and 
Security  Training  and  Services 

| Learnkey  Inc. 

(800)  865-0165 
i  www.leamkey.com 
j  Self-paced  online  CD  network 
I  certification  developer  bus/apps 


To  Place  Your 
Listing  Here 
Call  Enku  Gubaie 
at  1-800-622-1108 


Contact  these  companies 
today  to  help  you  with  your 
training  needs! 


NetWorld+Interop 

NetWorld+ Interop 

NetWorld+Interop 

Don't  miss  the 
May  6  issue  of 
Network  World  with 
bonus  distibution  at 
NetWorld+Interop  in 
Las  Vegas! 

Issue  Closes:  April  24 


Get  More  lor  Today's  Budget! 

Contact  BIZI 
to  SAVE  up  to  80% 

•  50-80%  Savings  off  Retail  List  Prices 

•  120-Day  Warranty 

•  1 00%  30  Day-Money  Back  Guarantee 

•  Large  Inventory,  Same  day  Shipping 

•  Supplying  Quality  Networking  Products 
for  Over  10  Years  with  In-House  Technical  Support 

Request  a  Quote  on-line  at: 

http://www.bizint.com  or  info@bizint.com 

(877)  438-2494 

or  (315)  458-9606  fax:  (315)  458-9493 
We  Buy,  Sell,  Trade  and  Lease... 


Your  global  partners  In  new  8  quality 
pre-owned  networking  equipineflt 


CISCO,  BAY/NORTEL,  3COM,  CABLETRON,  EXTREME,  FOUNDRY,  JUNIPER 


WRCA.NET 

NEW  USED 


AUTHORIZED  RESELLER 
Access/Routers/Switches 
Cisco  Livingston  Ascend 
3Com  US  Robotics  Kentrox 
Adtran  BayNetworks  Xyplex 
Computone  Digital  Link 
Modems  /  DSU  /  Muxes 


IBM  UDS  Codex  Hayes  GDC 
Micom  Microcom  Paradyne 
ATT  MultiTech  Penril 
Racal  Telebit  Zoom 

WE  BUY  AND  SELL 
www.wrca.net 

800-699-9722 


We 

Buy 


& 


Since  1985 


Sell 


CISCO 


New  &  Used 
Fully  Guaranteed 
Overnight  Delivery 


Se  habla  Espanol 
Wfr  sprechen  Deutach 


800.451.3407 


I  Castilian  On* 


Routers 
Switches 
Interface  Modules 
Access  Servers 
Accessories 


www.  network  hard  warc.com 


NETWORK  HARDWARE  RESALE 


(D 


careers.com 


IT  CAREERS 


.  dhs&* 


careers 


Senior  Software  Engineer 

Pitney  Bowes  Inc.  has  an  imme¬ 
diate  opening  in  its  Danbury. 
Connecticut  office  for  a  Senior 
Software  Engineer. 

Expand  the  features  and  capa¬ 
bilities  of  the  Company's  product's 
mission  critical  real-time  control 
system  and  is  responsible  for  all 
aspects  of  the  software  develop¬ 
ment  lifecycle,  from  require¬ 
ments  gathering  to  release 

Must  possess  a  bachelor's  degree 
in  Computer  Science,  Engineenng 
or  a  related  field  and  several 
years  of  relevant  work  experi¬ 
ence.  Experience  must  include 
OOAD  and  C++  under  Windows 
NT  on  a  large  scale,  multi-devel¬ 
oper  software  projects,  Software 
Analysis  and  design  using 
generally  accepted  software 
engineering  tools,  processes 
and  practices,  Industrial  RTOS, 
multithreaded  architectures,  with 
emphasis  on  Industrial  Automatron 
and  Control.  COBRA  with  Client/ 
Server  Architectures,  COM/ 
DCOM/COM+.  MFC,  TCP/IP. 
Sockets,  OOP/OOD,  Java.  ActiveX 
Automation,  Control  and  Con¬ 
tainers,  porting  of  real-time 
applications  from  Visual  C++ 
to  Java  and  the  application  of 
computer  graphics  into  real-time 
application  using  Visual  C++  and 
Java. 

Resume  and/or  cover  letter  must 
reflect  each  requirement  above 
and  specify  reference  code 
MISSA  or  it  will  be  rejected. 

Forward  resume  to  Robbin  Drew 
Elliott,  Pitney  Bowes  Inc.,  One 
Elmcroft  Road,  Stamford,  CT 
06926-0700 


Software  Engineer  wanted  for 
NJ  based  Co  for  job  Iocs 
throughout  the  USA.  Must  have 
Master's  degree  in  Comp.  Sc., 
Engg.,  2  yrs.  of  exp.  &  proficiency 
in  Unix,  Oracle,  C/C++.  Respond 
to:  HR  Dept.,  eComServer,  Inc., 
116-200  Village  Blvd.,  Ste.  200, 
Princeton,  NJ  08540.  (Ref: 
RG8181IM). 


Computer  Programmer 

Design,  develop,  and  test  web- 
based  software  for  the  visualization 
of  3-D  mechanical  assemblies 
and  2-D  drawings  utilizing  OOP 
techniques.  M  S.  in  Computer 
Science,  Computer  Engineering 
or  related.  Must  have  graduate 
coursework  in  rendering  and 
modeling,  and  at  least  6  mos. 
experience  in  the  3-D  animation. 
40  hr/wk,  9-5.  Send  resume  to: 
C-M  Huang,  VP  of  R&D,  Alventive 
Inc  ,  700  Galleria  Parkway,  Ste. 
400,  Atlanta,  GA  30339. 


♦ 


Database  Administrator  sought 
tor  F/T  employment  by  info 
technology  co  in  NYC.  Manage 
database  applications  and  design 
database  architecture.  Use 
Oracle,  PL-SQL.  MS-SQL,  MS- 
Access.  Resumes  to  Enterprise 
24x7  Inc.,  292  Fifth  Ave  ,  4th 
Floor,  New  York,  NY  10001 


Programmers,  Jr.  Programmers, 
Software  Engineers,  Systems 
Admin  &  DBAs  Consulting  Com¬ 
pany  with  diverse  client  require¬ 
ments  seeks  professionals  in:  (a) 
Oracle  Apps-Financials,  Manu¬ 
facturing,  HRMS,  AOL  &  Systems 
Administrator,  (b)  Mobile  apps. 
with  Palm,  mobile  server,  Syncml, 
Smart  Phones,  CE,  scalability/ 
engg.  in  Java  and  related  tools- 
Javascript,  Servlets,  JDBC,  Perl, 
CGI,  C,  J-Builder,  WML,  XML, 
Shell  Scripts  (c)  Weblogic/Web- 
sphere,  Java/related  tools,  Ora¬ 
cle/related  tools,  C,  C++,  Swing, 
XML,  RMI  (d)  Java/related  tools, 
Oracle/tools,  Cobol,  Access,  C, 
C++,  Java  Web  Server,  Apache 
Web  Server:  (e)  Solaris,  CO 
Open  Server,  Unix  Ware, 
Unisys/AT&T  Unix,  NT,  Netcool, 
Oracle  DBA,  C,  C++,  SunSparc, 
Netfinity,  U6000,  Voice  IP  (f) 
Raima  Data  Manager,  Appletree, 
Oracle,  C,  C++,  COBOL,  ASP, 
TCP/IP  in  VOS,  Stratus  XA/R320/ 
Continuum  Mainframe,  Unix, 
Windows;  (g)  SAP  R/3-MM,  PP, 
LIS,  ABAP  P/4,  Oracle,  C,  ASAP, 
Seagate,  Mercator.  All  positions 
require  travel  to  client  sites. 
Prevailing  wage/benefits.  Send 
resume  to  HR,  Codesoft  Inti', 
Inc.  8725  Dunwoody  PI.,  Ste.  8, 
Atlanta,  GA  30350.  EOE. 


Software  Developer 
Deltek  Systems,  Inc.,  a  provider 
of  enterprise-level  solutions 
for  project-oriented  businesses, 
has  an  opening  for  a  Software 
Developer.  The  position  includes 
applying  engineering  principles 
and  techniques  in  the  research, 
design  and  development  of  com¬ 
puter  software  for  various  appli¬ 
cations.  Responsibilities  include 
analysis  of  software  requirements 
to  determine  feasibility  of  design 
within  time  and  cost  constraints; 
evaluation  of  interface  between 
hardware  and  software;  and 
operational  and  performance 
requirements.  Develop  and  direct 
software  system  testing  proce¬ 
dures,  programming  and  docu¬ 
mentation.  Consult  with  clients 
concerning  maintenance  of  soft¬ 
ware  and  systems.  Minimum 
requirements  are  a  Bachelors 
Degree  in  Computer  Engineering, 
Electronics  Engineering,  Com¬ 
puter  Science,  or  the  foreign 
equivalent  and  four  (4)  years 
professional  experience  as  a 
Software  Developer.  Send  resume 
to:  Deltek  Systems,  Inc.,  8280 
Greensboro  Drive,  McLean, 
Virginia  22102,  Attn:  Human 
Resources,  Ref.  OP222. 


Software  Engineers  &  Program¬ 
mers.  "Web  enable"  legacy 
applications  to  facilitate  EDI, 
e-commerce  and  communica¬ 
tion  using  ADABAS,  Cobol,  VB, 
FANTM,  ION,  VPN,  ADA-SQL, 
ASP,  Oracle  and  related  tools. 
Prevailing  wage  &  benefits. 
HR,  Spark  Technologies,  7001 
Peachtree  Industrial  Blvd.,  Suite 
446,  Norcross,  GA  30092.  EOE. 


Sr.  Systems  Analyst  wanted 
by  NJ  based  Co  for  job  loc 
throughout  the  US.  Must  have 
Bachelor's  degree  in  Comp.  Sc. 
or  Engg.,  4  yrs.  of  s/ware  exp.  & 
proficiency  with  Windows  NT, 
Cisco  Routers,  Telecom  & 
network  security  protocols,  VPN, 
SMS.  Respond  to:  Atinav,  Inc., 
16  Pearl  St.,  Ste.  #205, 
Metuchen,  NJ  08840  (Ref.  GG 
8045)  No  phone  calls. 


Infobahn  Technologies  delivers 
innovative  IT  solutions  to  business 
clients  nationwide.  We  have 
immediate  full  time  opportunities 
for  Software  Engineer,  Program¬ 
mers  &  Lead  Analysts.  We  are 
seeking  candidates  with  experi¬ 
ence  in  design,  development, 
implementation  and  maintenance 
of  - 

Post  1  -  web  based  global  systems 
application  allowing  online  ac¬ 
cesses  to  the  client's  products 
and  services.  Manage  &  archi¬ 
tect  a  solution  that  integrates  the 
clients  entire  information  system 
using  C,  XML.  XSLT,  JavaScript. 
HTML,  DHTML,  Java,  Lotus 
Notes  5.0,  Lotus  Domino,  Lotus 
Script  &  Windows  NT/98.  Require 
experience  in  testing,  generating 
reports,  user  training  and 
customizing  of  products. 

Post  2-  Marketing  &  Financial 
control  systems  and  retail  func¬ 
tionality  of  business  applications. 
Experience  in  using  OLAP  tools 
in  Data  warehousing  &  Data 
Modeling,  in  SQL,  PL/SQL, 
Business  Objects,  Web  Intelli¬ 
gence,  Oracle  8.x,  TOAD  & 
Windows  98/NT. 

Seeking  dependable  and  Total 
Quality  customer  service  oriented 
candidates  (2  each)  for  the  2 
positions.  Require  Bachelor's 
degree  in  Computer  Science, 
Engineering,  or  related  field  is 
required  +  2yrs  of  experience  in 
job  offered  or  2yrs  as  a  Software 
Developer.  Job  involves  frequent 
traveling  as  required  by  the 
project. 

We  offer  excellent  salary  & 
benefits  package  for  40hrs/wk, 
8:00  to  5:00p.m.  Send  resume 
to:  Infobahn  Technologies,  288 
Walnut  Street,  Suite  410, 
Newton,  MA  02460  or  hr@ 
infobahntech.com. 

COMPUTER  PROFESSIONALS 
Relycom  Inc.,  a  NJ-based  com¬ 
puter  consulting  firm,  is  seeking 
computer  professionals  with 
strong  technical  &  personal  skills 
for  multiple  openings  in  the 
following  positions: 

•  Software  Engineers -To  design 
&  develop  proprietary  software 
applications  client/server  &  net¬ 
working  capabilities  for  corpo¬ 
rate  entities.  Req:  MS  Deg,  in 
Comp.  Sc.  &  1  yr  exp.  either  in 
job  off'd  or  1  yr  exp.  in  Software 
Dvlp.  Must  demonstrate  ability 
in  Enterprise  Java  with  any 
J2EE  compatible  server/device 
&  networking  in  UPNP/JINI. 
C/C++,  a  plus.  Req:  MS  Deg.  in 
Comp.  Sci.  &  1  yr  exp.  either 
in  job  off'd  or  1  yr  exp  in  S/ 
ware  dvlp.  Must  demonstrate 
designing  capabilities  using 
Design  Patterns,  UML&  Rational 
Rose.  C,  C++  a  plus. 

•  Programmer/Analysts  (Sr  &  Jr) 

-  To  Analyze,  design,  develop  & 
implement  software  /  networking 
programs.  Req:  Bach.  Deg  in 
Elect,  or  Comp,  or  S/ware 
Engg.  &  2  yrs.  exp  in  job  off'd  or 

2  yrs  exp  in  Sys/S/ware  Engg 
field;  Must  be  exp'd  in  CORBA 
&  Multi  Threading.  Req.  Bach 
Deg.  in  Comp.  Sc.  &  2  yrs  exp. 
in  job  off'd.  Must  be  exp'd  in 
Perl  5.0,  Tcl/TK  &  Expect. 

•  Network  Engineers  -To  design, 
configure  &  develop  networks 
and  Cisco  CCIE  lab  using  var¬ 
ious  Cisco  Equip.  Req:  Bach 
Deg  in  Elect.  &  Comm  or  IT  and 

1  yr  exp.  in  job  off'd.  Must  be 
Cisco  Cert.  Network  Prof,  s/ 
ware:  UNIX,  TCP/IP,  MPLS,  IP 
Enabled  Frame  Relay  &  IP 
Enabled  ATM. 

Qualified  Applicants  must  send 
resumes  to:  President,  Relycom, 
Inc  720  King  Georges  Post  Road 
-  Suite  2F  School  House  Plaza 
Fords,  NJ  08863 

F/T  Senior  Database  Consultant. 
Responsible  for  providing  tech¬ 
nical  support  for  database 
administration  &  for  updating 
databases  &  initiation  of  new 
code  path  policies  working 
w/C,  C++,  Java,  Centura,  SUN 
SOLARIS,  UNIX  shell  scripts, 
DEC  UNIX,  Oracle  Developer  & 
Designer  2000,  Oracle  RDMS, 
VAX/VMS  &  PL/SQL,  SOL'Plus, 
&  SQL.  Assist  in  developing 
databases  for  translation  pur¬ 
poses  &  creating  new  applications 
to  initiate  new  product  releases 
to  customers  &  database  tables. 
Setup  production  environments 
including  database  creation, 
BSCS  Oracle  objects  &  setting 
BSCS  environments.  Install  & 
assist  w/  upgrades  for  in-house 
translation  tools  &  provide  support 
for  translation  issues  regarding 
database  or  source  code  for 
the  Graphical  User.  Must  have 
Bachelor's  degree  in  Computer 
Science  or  any  Engineering 
discipline.  Foreign  degree  equiv¬ 
alent  accepted.  Must  have  3  yrs. 
exp.  in  job  offered  or  position  w/ 
same  duties.  Send  resume  to 
Betsy  Moya,  SchlumbergerSema, 
701  Waterford  Way,  Suite  300. 
Miami,  Florida  33126. 

Senior  Systems  Analyst 
(MIS  Storage  Administrator) 

Pitney  Bowes  Inc.  has  an  imme¬ 
diate  opening  in  its  Danbury, 
Connecticut  office  for  a  Senior 
Systems  Analyst  (MIS  Storage 
Administrator). 

Analyze  and  administer  the  data 
storage  systems  for  the  Company 
and  manage  the  space  on  a 
variety  of  storage  device  systems 
along  with  the  utilization  of  mag¬ 
netic  tape.  Responsible  for  the 
data  protection  and  recoverability 
systems,  as  well  as  data  access 
response  time  and  storage  plat¬ 
form  implementations. 

Must  possess  at  least  a  bachelor's 
or  its  equivalent  in  Computer 
Science  or  a  related  field  and 
relevant  experience  as  a  Net¬ 
work  Administrator,  in  a  network 
centric  computing  environment 
and  with  RAID,  DASD,  IBM 
Monitoring  Systems,  Tivoli, TMS, 
CMS,  ADSM,  IMS  and  CICS. 

Resume  and/or  cover  letter  must 
reflect  each  requirement  above 
and  specify  reference  code  MIS¬ 
SA  or  it  will  be  rejected. 

Forward  resume  to  Robbin  Drew 
Elliott,  Pitney  Bowes  Inc.,  One 
Elmcroft  Road,  Stamford,  CT 
06926-0700. 

Software  Engineer:  Senior  Net¬ 
work  Management.  Develop 
carrier  class  Network  Manage¬ 
ment  Systems,  including:  Oracle 
Database  Management,  net¬ 
working,  and  programming,  using 
C,  JAVA,  Extensible  Markup 
Language,  Java  Server  Page, 
Solaris,  and  Unix.  Requires: 
Master's  in  Computer  Science  or 
Electncal/Mechanical  Engineering 
or  academic  equivalent  and  1 
year  experience  in  the  job  or  as 
a  Systems  Analyst.  (Bachelors  in 
Computer  Science  or  Electrical/ 
Mechanical  Engineering  or  aca¬ 
demic  equivalent  plus  5  yrs  of 
progressive  experience  accept¬ 
able.)  Interview  and  job  site  in 
Acton,  MA.  8am-5pm,  40/hrs/wk. 
Wages:  $90,000/yr.  Send  2 
resumes  to:  Case  #  20011542, 
Labor  Exchange  Office,  19 
Staniford  St,  1st  FI,  Boston.  MA 
02114 

F/T  Intermediate  Unix  Systems 
Administrator.  Responsible  for 
administering  &  supporting 
multiple  SUN  UNIX  systems  for 
co.'s  corporate  data  centers. 
Analyze  system  bottlenecks, 
monitor  &  tune  system(s)  perfor¬ 
mance,  basic  shell  scripting, 
troubleshoot  defects  found  as 
well  as  deploy,  install  &  configure 
hardware,  operating  &  control 
systems,  system  security  & 
recovery  services.  Work  w/ 
SUN  Solaris,  SUN  Enterprise 
Servers,  TCP/IP,  NFS,  NIS  & 
DNS.  Must  have  Bachelor's 
degree  in  CS,  Applied  Statistics 
or  related  field.  Foreign  degree 
equivalent  accepted.  Employer 
will  accept  Master's  degree  in 
lieu  of  Bachelor's.  Must  have  8 
yrs.  exp.  in  job  offered  or  position 
w/  same  duties.  Send  resume: 
Mary  Pita,  HR.  R2C-022,  Job 
Code:  IMTCW.  UPS,  PO  Box 
833,  Mahwah,  NJ  07430  or 
mpita@ups.com. 

ZEN  &  ART 

Software  Development  Co.  In  Iselin,  NJ  seeks  to  fill  multiple 
openings  for 

Project  Managers 

Develop  Project  documentation  in  line  with  the  GIS  Management 
methodology.  Implement  project  in  specified  time,  cost  and 
quality.  Ability  to  plan  direct,  allocate  and  manage  staff  to  execute 
project  successfully.  Weil  versed  in  budgeting,  HR,  Scope 
Management  and  Business  Case  Justification.  Knowledgeable 
in  MS  Project  and  PM  tool 

Database  Administrator 

Design,  create,  install,  configure,  tune,  maintain  and  recovering 
larae  databases  (Oracle,  Sybase,  Informix,  IBM  DB/2)  on  UNIX/ 
NTT  Knowledge  of  Oracle  Enterprise  Manager,  Forms,  Reports, 
Erwin,  Replication,  Oracle  Parallel  Server  and  Distributed 
database 

System  Administrator 

UNIX  Sys  Admin  with  technical  expertise  in  an  IBM  AIX,  Sun 
Solaris,  HP-Unix,  Linux  environment,  support  RAID  and  Mass 
Storage  (SAN)  products.  Also  experience  with  AlX/Verilas,  disk 
mirroring,  thorough  knowledge  of  UNIX  Shell  Script,  perfor¬ 
mance  monitoring  utilities,  back  up  utilities,  and  kernel  modi¬ 
fications 

Management  Systems  Analyst  &  System  Analyst, 

Senior  Programmer/Analyst  independently  performs  all  phases 
of  systems  development,  including  development  planning, 
requirement  analysis,  database  design  and  coding,  testing, 
implementation,  and  documentation  or  applications.  Act  as  a 
technical  consultant  to  team  members  in  tne  area  of  expertise 
such  as  Web  E-Commerce,  VOIP,  WAP,  TCP/IP  and  Security 

Technical  Specialist,  Software  Engineers  &  Programmers 

The  Programmer/Analyst  will  analyze,  design,  detail  specification 
document,  code,  test,  and  debug  application  programs  using 
any/multipie  programming  language  and  development  environ¬ 
ment.  C,  C++,  VC++,  Pro'C,  VB,  VBScript,  Java,  Java  Script, 
Enterprise  Java  Bean,  Applets  /  Servlets,  Java  Web  Server  Web 
Sphere,  Web  Logic,  Lotus,  Lotus  Notes,  Active  X,  COM/DCOM, 
Active  Server  Pages,  PERL,  HTML,  DHTML,  XML,  Frontpage, 
SAP  SD  Functional,  ABAP  Programming,  Powerbuilder,  PTC, 
SAP,  Peoplesoft,  Oracle  Financial,  Oracle  APPS,  Designer  2K 
and  Developer  2K 

All  positions  except  Tech  Specialists/Programmers  require: 
Masters  or  equiv  OR  Bachelors  or  equiv  in  Maths,  Science, 
Engg,  Bus.  Admin,  or  Commerce  with  6  months  to  6  years  of 
hands-on  working  experience.  Tech  Specialists/Programmers 
require  2  or  more  years  hands-on  working  experience. 

Candidates  must  be  willing  to  travel  and  be  a  good  team  player. 
Must  be  able  to  work  well  without  close  supervision. 

Respond  by  resume  to:  HR  Dept,  Zen  &  Art  of  Client  Server 
Computing,  Inc.  485  E,  Rt  1  South,  Ste  130,  Iselin,  NJ  08830. 
Fax  732  404-0623  or  email:  currentopenings@zenart.com. 


Software  Developer  (multiple 
positions,  Low  Country,  SC)  to 
design,  develop,  code  and  test 
CAD  applications  in  Linux,  Unix 
and  Windows  operating  systems 
by  using  the  following  skills/tools 
extensively:  C/C++,  XML,  ActiveX 
Controls,  Windows  Sockets,  2D/ 
3D  graphic  technique,  Micro 
Station,  AutoCAD,  Pro-Engineer 
and  Ideas,  Parametric  Modeling/ 
Programming,  CAD  database 
development/customization  and 
Internet.  Must  have  Master  degree 
in  CS,  CIS  or  Engineering  or 
related  fields;  Proficiency  in  Auto 
CAD,  and  Parametric  Modeling/ 
Programming;  $45K-60k/yr.,  40 
hrs/wk,9-5.  Send  resumes  to  Ms. 
Katie  Crawford,  DataBuilt,  Inc. 
1476  Fording  Island  Rd,  Bluffton, 
SC  29910.  Ref.  Code:  SC-YZ2. 


Staff  Engineer  -  AMEC  Tech¬ 
nologies,  a  global  engineering, 
design  and  technology  service 
firm  currently  seeks  applicants 
for  the  following  position  in  its 
Decatur,  GA  office:  Staff  Engineer 
to  develop  mathematical  simula¬ 
tion  algorithms  and  models; 
communication  objects  and  pro¬ 
tocols  using  OLE  for  Process 
Control  (OPC)  interfaces  and 
TCP/IP.  Applicants  for  this 
position  must  have  a  master's 
degree  in  Electrical  Engineering, 
Computer  Science  or  related 
field  plus  5  years  of  job  experi¬ 
ence  in  development  of  models 
for  simulation  of  pressure/flow 
processes  in  industrial  systems 
using  mathematical  methods  for 
computer  simulation  and  object- 
oriented  programming  languages 
in  multi-system  environment  and 
in  development  of  OPC  servers 
and  configuration  of  network 
communication  protocols  based 
on  TCP/IP.  For  consideration, 
please  forward  your  resume 
to:  AMEC  Technologies.  Inc. 
Attention,  Mary  A.  Trizzino,125 
Clairemont  Ave  ,  Suite  570, 
Decatur.  GA  30030.  EOE 


Senior  Systems  Engineer 

needed  at  Brown  &  Williamson 
Tobacco  Corporation  in  Macon, 
GA.  Duties:  Provide  application 
and  technical  support  for  as¬ 
signed  area  and  applications. 
Experience  using  structured 
project  management  methodol¬ 
ogy,  documentation,  and  time 
management  software.  Maintain 
good  working  relationships  across 
departments  within  Information 
Technology  (IT)  and  with  client 
areas.  Analyze  enhancement 
requests,  design,  code  and  test 
enhancements  and  provide  ef¬ 
fective  technical  troubleshooting. 
Work  on  special  projects  includ¬ 
ing  managing  projects  with 
external  vendors.  Technical  skills 
required  include  development 
experience  using  client  server 
tools  such  as  PowerBuilder, 
VisualBasic,  Oracle  Tools,  and 
C++.  Must  have  strong  under¬ 
standing  of  Oracle  and  Informix 
relational  databases  and  strong 
PL/SQL  programming  experience. 
Must  have  database  and  appli¬ 
cation  design  experience,  as  well 
as  Unix  and/or  Windows  NT 
experience  and  an  understanding 
of  IP  and  Novell  networks. 
Requires  experience  in  laboratory 
automation,  Laboratory  Informa¬ 
tion  Management  Systems 
(LIMS),  Chromatograptiy,  and 
instrumentation  interfacing.  Ex¬ 
perience  in  laboratory  system 
validation  in  accordance  with 
ISO  25  Accreditation. 

Must  possess  a  Bachelor's 
degree  in  Computer  Science. 
Engineering,  Chemistry,  or  relat¬ 
ed  discipline.  Requires  5  years 
of  experience  as  a  Computer 
Programmer  or  Analyst  Send 
resume,  including  salary  re¬ 
quirements  to:  Melissa  Harden 
at  401  S.  4th  Avenue,  Ste. 
200,  Louisville,  KY  40202-3426. 
Resumes  without  salary  require¬ 
ments  will  not  be  considered.  No 
calls,  faxes,  or  emails  please! 
Equal  Opportunity  Employer. 
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Echosohere  Corporation 
5701  S  Santa  Fe  Drive 
Littleton,  CO  80120 
SENIOR  NETWORK 
ENGINEER 

Echosphere  Corporation,  the 
world's  leader  in  designing  home 
satellite  reception  electronic  sys¬ 
tems.  needs  a  Senior  Network 
Engineer  to  configure,  implement, 
test  and  maintain  local  area 
networks,  wide  area  networks, 
and  telecommunications  circuits. 
Networks  are  Cisco  Powered. 
Additional  duties  include  deter¬ 
mining  appropriate  security 
measures  and  products;  and 
configuring,  testing  and  monitor¬ 
ing  network  security  including 
intrusion  detection  systems. 
Configuring  routing  protocols, 
multiplexers,  switches  and  fire 
walls  is  required,  as  is  overseeing 
maintenance  and  day-to-day 
operations  of  networks  and 
telecommunications  systems. 
Candidates  should  have  a  bach¬ 
elor's  degree  in  electrical  engi¬ 
neering,  electronics  engineering, 
mathematics  or  physics,  plus  five 
years'  experience  as  a  network 
or  telecommunications  engineer 
configuring,  implementing,  test¬ 
ing  and  maintaining  networks  or 
telecommunications  systems. 
Candidate  must  have  working 
knowledge  in  OSPF  routing 
protocol,  LAN,  WAN  and  Cisco 
Powered  Networks.  Applicants 
should  send  resumes  in  writing 
only  (NO  FAXES  OR  EMAILS)  to 
Mr  Ray  Cooley  at  the  above 
address,  and  should  reference 
Job  number  R1176WH. 


Senior  Programmer  Analyst  - 
Prime  Software,  Inc.  a  developer 
of  client-server  and  Internet- 
based  business  application  soft¬ 
ware  currently  seeks  applicants 
for  the  following  position  in  its 
Lisle,  Illinois  office:  Senior  Pro¬ 
grammer  Analyst.  Applicants 
for  this  position  must  have  a 
bachelor's  degree  in  MIS,  Engi¬ 
neering  or  related  field  plus  5 
years  of  relevant  experience  in 
systems,  application  and  program 
development  using  Powerbuilder, 
complex  database  programming 
in  MS  Sql  Server,  Sybase 
database.  Web  development 
experience  in  J2EE  complaint 
Application  Servers  and  JAVA 
would  be  required.  Experience  in 
working  with  full  cycle  projects 
conforming  to  SE1-CMM  stan¬ 
dards  would  be  an  advantage. 
For  consideration,  please  forward 
resume  to:  Prime  Software,  Inc. 
Attention:  Steve  Good,  5007 
Lincoln  Ave.,  Suite  205,  Lisle.  IL 
60532.  EOE 


Sr.  Programmer/Analyst-Business 
Applications  (West  Des  Moines, 
IA)-Prepare  appropriate  docu¬ 
mentation  for  assigned  projects 
which  includes  detailed  program 
specifications,  codes,  flow  charts 
&  other  documentation.  Analyze 
&  design,  system  software,  & 
participate  in  discussions  &  stud¬ 
ies  aimed  at  selection  of  strategic 
technology  8  software  solutions. 
Req'd  Master's  Degree  in  Busi¬ 
ness  Admin,  or  Engineering  or 
Science  or  Computer  Science  & 
a  min.  of  1  yr  exp  in  the  above 
job  or  as  System  Analyst,  40 
hrs/wk.  9am-5pm.Please  send 
cover  Itr  &  resume  to  ADP  Human 
Resources.  MS2,  P.O.  Box 
10394,  Des  Moines.  IA  50306- 
0394  or  fax  to  (515)  875-3009. 


Computer  Professionals  w/exp 
to  analyze,  design,  develop, 
install  &  upgrade  client/server 
applic  ,  HR.  Benefits,  Payroll 
modules  using  Oracle,  Sybase. 
Peoplesoft,  HRizon.  SQL.  SQR, 
Peoplecode.  UNIX,  FTP  & 
Process  Scheduler;  should 
Interlace  to  Mainframe  &  other 
systems.  Send  resumes  to: 
Recruiter  GITS,  LLC,  7067  East 
Chestnut  Hill  St.,  Littleton, 
CO  80130.  Email:  recruiter® 
globalinfotechservlces.net  No 
in-person  resumes/interviews, 
only  respond  by  mail  or  e-mail. 


Analyst/Programmer  sought  by 
a  software  sales  and  service 
company  in  Denver,  CO  to  work 
in  Mossville,  IL  &  other  unantici¬ 
pated  job  sites  in  the  US.  Within 
a  MIMS  open  enterprise  envi¬ 
ronment,  produce  customer- 
specific  software  to  enable 
clients  to  implement  a  MIMS 
system  or  to  convert  from  a 
Legacy  system  to  MIMS.  Develop 
URS/FDD  (user  requirement 
statements/functional  design 
documents)  to  allow  for  interface 
development  between  Legacy 
systems  and  MIMS.  Work  in  both 
UNIX  and  Sun  Solaris  operating 
systems  using  Microfocus 
COBOL,  COBOL  I  and  II,  and 
Reporting  Definition  Language 
(RDL)  to  assess  customer  re¬ 
quirements,  outline  projects  to 
meet  customer's  requirements 
and  analyze  and  perform  work 
orders  of  high  complexity.  Re¬ 
quires  4  yrs.  as  a  programmer/ 
analyst;  working  knowledge  of 
MIMS  open  enterprise  system. 
8am-5pm,  M-F;  $75,000/yr.  Re¬ 
spond  by  resume  to  James 
Shimada,  Colorado  Department 
of  Labor  &  Employment,  Em¬ 
ployment  &  Training  Division, 
Tower  II,  #400,  1515  Arapahoe, 
Denver,  CO  80202,  &  refer  to 
Job  Order  Number  CO501 5560. 


OmniPros,  a  worldwide  provider 
of  software  solutions  seeks 
motivated  IT  professionals 
specializing  in  the  following 
areas: 

Java,  J2EE,  Oracle,  WebLogic 

Webmethod 

Vitria 

Tibco 

Portals 

Oracle  CRM  (Technical,  1 1  i) 
Oracle  Manufacturing  (Technical/ 
Functional,  1 1  i) 

Oracle  Finance  (Technical,  1 1  i) 
Business  Development/Technical 
Operations  Management 

Please  e-mail  resume  to 
careers@omnipros.com,  fax 
resume  to  (925)  249-1702,  or 
mail  resume  to: 

OmniPros  Ltd. 

301 5  Hopyard  Road  Suite  T 
Pleasanton,  CA  94558 
www.omnipros.com 


Corporate  Express  seeks  Senior 
EAI/B2B  Technical  Developers: 
Join  a  team  of  technical  devel¬ 
opers  that  are  involved  in  devel¬ 
oping  B2B  and  Enterprise  Appli¬ 
cation  Integration  (EAI)  software 
applications.  Focus  on  creating 
the  EAI  and  B2B  software  back¬ 
bones  used  for  communication 
by  business  applications  and 
with  external  partners. 

The  position  requires  a  bachelor's 
degree  in  information  systems, 
computer  science,  or  a  related 
field,  and  a  minimum  of  two 
years  of  experience  as  well  as 
expertise  in  using  the  webMethods 
tool  set,  Unix,  SQL,  and  Oracle. 
The  position  is  located  at  our 
Broomfield,  Colorado  headquar¬ 
ters.  Send  resumes,  by  mail,  to 
Shana  Sternstein,  Corporate 
Express.  1  Environmental  Way, 
Westminster.  Colorado  80021 . 
Corporate  Express  is  an  Equal 
Opportunity  Employer. 


Programmer  Analyst 
Design/implement  healthcare 
apps  with  VB  5.0/6.0/NET, 
Access  97/2000,  Com,  Dcom, 
SQL  Server  2000,  Crystal  Re¬ 
ports  and  health  care  processes 
including  patient  admission, 
state/federal  mds,  case  mix, 
care  planning,  physician  order, 
infection  control,  security  sys¬ 
tems.  payor  source/payor  plans, 
mobile  medical  device  apps, 
healthcare  billing/accounting 
and  medical  data  sharing 
systems  with  3rd  parties,  and 
communication  apps  for  health 
care  workers.  Prevailing  wage. 
BS  Comp.  Sc.  (or  foreign  equiv.) 
with  2  yrs  exp.  including  1  yr.  exp. 
in  developing  above  specified 
applications  using  above  tools. 
Respond  to  Geoff  Marsh, 
Horizon  Healthcare  Technologies, 
12101  Woodcrest  Executive 
Drive,  Suite  201,  St.  Louis, 
MO-63141.  EOE. 


Programmer  Analyst  at  our 
Cedar  Rapids.  Iowa  location. 
Convert  customer  requirements 
into  program  specifications; 
analyze  impact  of  proposed 
solutions  on  business  applications; 
ensure  satisfactory  functioning 
through  testing  and  analysis  of 
results;  correct  deficiencies 
according  to  customer  require¬ 
ments;  and  review  work  of 
development  team  members. 
Must  have  Bachelor’s  degree  in 
Computer  Science  or  related, 
three  years  experience  with 
Object  Oriented  programming, 
SQL,  Oracle,  UNIX,  and  Windows 
application  development;  one 
year  experience  with  programming 
in  C:  and  Six  months  experience 
with  JavaScript.  Send  resume 
with  cover  letter  to  APAC  Customer 
Services,  Inc.,  Attn:  Cindy  Corkery, 
6  Parkway  North  Center,  Deerfield, 
IL60015. 


Infomatics  Technologies,  Inc. 
delivers  IT  solutions  to  business 
clients  nationwide;  which  involves 
frequent  traveling  and  relocating. 
We  have  immed,  full-time  entry 
level  &  experienced  programmers, 
Programmer  Analysts,  Systems 
Analyst,  Software  Engineers, 
DBA’s  &  Software  Consultants  in 
any  of  the  following  skill  sets: 
BPCS,  AS/SET,  AS/400,  RPG/ 
ILE,  RPG  III,  COBOL/400,  (CLP, 
SQL,  QUERY/400),  DB2/400, 
RPG  S/36,  Oracle,  PL/SQL, 
C/C++,  Unix,  Windows  NT. 
Bachelor's  or  Master’s  degree 
req'd  depending  on  position.  We 
also  accept  foreign  educ  equiv  of 
degree  or  degree  equiv  in  educ 
&  exp,  excellent  benefits.  Send 
confidential  resume  &  salary 
rqmtsto:The  Human  Resources, 
Infomatics  Technologies,  Inc. 
35643  Ravine  Circle,  Farmington 
Hills,  Ml  48335 


Programmer  Analyst 
"Web  enable"  mainframe  apps. 
to  facilitate  EDI  using  Websphere, 
Cold  Fusion,  ASP,  Apache  & 
related  Web  Servers,  Cobol, 
DB2,  CICS,  VB,  C,  Java  &  related 
tools,  Oracle,  SQL  Server,  CSS, 
XML  and  XSL  and  Peregrine. 
Employer  is  a  consulting  company 
and  position  requires  travel. 
Prevailing  wage/benefit.  Respond 
to:  Attention:  Guy  New,  Jolig 
Consulting,  Inc.,  1311  Bucking¬ 
ham  Place,  Richardson,  TX 
75081 .  EOE. 


SOFTWARE  ENGINEER  wanted 
by  consulting  &  software  devel¬ 
opment  firm  in  Sugar  Land, 
TX.  Respond  by  resume  to:  Re¬ 
cruiter.  S/B-#10,  Digital  Consulting 
and  Software  Services,  One 
Sugar  Creek  Blvd.,  Ste  500, 
Sugar  Land,  TX  77478. 


Senior  Systems  analysts,  Pro¬ 
grammers,  Systems  Analysts, 
with  strong  technical  skills.  Travel 
may  be  required  throughout 
USA.  Resumes  to  Leverage 
Systems  Technologies,  USA 
by  Fax  714-596-7463  or  email 
resumes  to  cheauser©  LST-USA. 
com. 


Programmer/Analyst.  Dsgn  & 
dvlp  ETL  modules;  dsgn  batch 
routines;  perform  data  ware¬ 
housing  duties;  performance 
tune  modules;  analyze  specs  & 
dvlp  source  code;  test  applies. 
BS  in  Comp  Sci,  Engg,  or  rel 
field.  3  yrs  related  industry  exp, 
incl  2  yrs  exp  in  dsgn  &  dvlpmt 
of  ETL  process  using  PL/SQL, 
Informatica  Mappings,  &  Shell 
Scripting;  &  2  yrs  exp  in  data 
warehousing.  Certified  Oracle 
Prof'l  DBA  req'd.  Send  resume  to 
Mike  Davidson,  Quality  Consult¬ 
ing,  Inc.,  1500  NW  118th  St., 
Des  Moines,  IA  50325. 


NW  OH  Metal  Dist.  Co.  seeks 
Network  Administrator  to  coordi¬ 
nate  installation  of  computer 
operating  system  software; 
test/maintain/modify  software; 
troubleshoot,  analyze  performance 
indicators;  review  computer 
system  capabilities;  assist  user 
having  problems  with  system; 
and  monitor  computer  programs. 
Min  req.  Bachelor’s  Degree  in 
Mechanical  Eng.  or  computer 
related  field  or  equiv.  and  3  mos. 
in  job  or  job  related  exp  to 
include  use  of  Visual  Basic, 
MS-Access,  SCO  Unix,  Microsoft 
Office,  MAS  90/200,  Photoshop 
and  Adobe  GoLive.  resumes  to: 
All  Foils,  Inc.  4597  Van  Epps  Rd. 
Brooklyn  Hts.,  OH  44131.  No 
calls.  EOE 


InterOne  Marketing  is  looking 
for  computer  programmers/ana¬ 
lysts.  Applicants  must  have  BS 
degree  with  at  least  one-yr  exp. 
using  Oracle  Designer/Developer/ 
Applications,  Siebel,  Unix,  SDLC, 
AS/400,  ILE-RPG,  Sequel,  DB2 / 
400.  Send  resumes  to  880  W. 
Long  Lake,  Troy,  Ml  48098 

Software  Associates  has  imme¬ 
diate  openings  for  System  Analyst 
and  other  IT  professionals. 
Experience  with  Oracle,  VB, 
C/C++,  People  Tools,  SQR  is  a 
plus.  Please  send  resumes  to 
331 8  Fores  Ave.,  Des  Moines,  I A 
50311.  EOE. 


IT  Developer  3,  Educaid,  Sacra¬ 
mento,  CA.  Assist  w/  design  of 
tech,  solutions,  create  detailed 
tech,  design  documentation.  Work 
directly  w /  the  FFELP  student 
lending  industry.  Pos.  reqs.  4  yrs 
exp.  w /  Progress  (3  yrs  of  the 
reqd.  exp.  must  incl.  Progress 
Database  7.3  or  greater.)  2  yrs 
of  the  reqd.  exp.  must  incl.  devel¬ 
oping  software  for  UNIX  Operat. 
System.  1  yr  of  reqd.  exp.  must 
incl.  work  w/  Progress  Webspeed, 
SQL  dvlp.  &  developing  software 
for  the  FFELP  student  lending 
industry.  40hrs/wk,  M-F,  Send 
resume  &  cvr.  letter  to  Ken  Holtz, 
3301  C  Street,  Sacramento,  CA 
95816. 


Semafor  Technologies  has 
multiple  openings  for  S/W  Engi¬ 
neers.  ProgSys  Analysts.  DBAs. 
Proj  Mgrs  and  Sys  Admins  to 
design/develop/administer  soft¬ 
ware  applications  using  various 
development  tools,  languages, 
database/internet/wireless  tech¬ 
nologies  on  windows  and  UNIX 
platforms.  Customize  commercial 
business  application.  All  positions 
require  BS/MS  or  foreign  equiv 
in  Comp  Sci,  Math.  Business, 
Sciences,  Engg  (any  branch)  or 
related  field.  Highly  competitive 
salaries  &  benefits.  Travel/ 
relocation  req.  Resumes  to:  HR, 
3300  Holcomb  Bridge  Rd.  Ste 
212,  Norcross,  GA  30092 


COMPUTER  GRAPHIC  DE¬ 
SIGNER:  Design  art  &  copy 
layouts  for  store  signs  by  using 
computers.  Study  illustrations  & 
photographs  to  plan  presentation. 
Determine  size  &  arrangement 
of  illustrative  material  &  copy, 
select  style  &  size  of  type  & 
arrange  layout  based  on  space 
&  knowledge  of  layout  principles, 
Chinese  &  esthetic  dsgn  concepts 
40  hr/wk,  9am-5pm.  2  yrs 
exp.  req.  Contact  Shuimei 
Chen,  Allen  Sign  &  Supply,  50 
Delancey  St,  NY,  NY  10002. 


Sr.  Systems  Consultant.  Develop 
&  implement  computer  apps./ 
systems/networks,  using  UNIX 
and  other  tools.  Analyze  perfor¬ 
mance  for  Multi-CPU  class 
servers.  Develop  &  implement 
apps.  for  vulnerability  assessment 
&  mitigation.  Masters  degree  in 
C.S.,  Math,  Eng’g,  or  similar 
major/equiv.,  req’d,  as  is  5  yrs 
exp.  as  a  Sr.  Sys.  Consultant  or 
a  sys.  S/ware  Eng'g  or  Comp. 
Sys.  Admin,  position.  Prior  exp. 
must  include  exp.  w/UNIX,  using 
Multi-CPU  servers,  &  w/vulnera- 
bility  assessment  &  mitigation. 
Competitive  salary.  Resumes  to 
Brian  T.  Hunt,  Job  #1494.08, 
American  Trans  Air,  Inc.,  7337 
W.  Washington  St.,  Indianapolis, 
IN  46251-0609. 

ENGINEERING:  Betasphere 

has  opening  for  Director  of 

Core  Technology.  MS  +  3 

yrs  exp  reqd.  Exp  with  XML, 

Java,  ERP  and  ASP  reqd. 

Resume  to:  BetaSphere, 

1135  San  Antonio  Rd, 

Palo  Alto,  CA  94303  Email: 

jobs  @  betasphere.com. 

JD  Edwards  One  World  XE 

applications  and  integration 

developers  at  varied  levels 

needed  to  staff  multiple  positions. 

Requires  2  years  experience  in 

application  developmentwhich 

includes  1  o  more  years  expe¬ 
rience  in  JD  Edwards  One  World 

Development.  Send  resumes  to: 

Sara  Lee  Foods  c/o  Bridget 

Lindsay,  10151  Carver  Rd., 

Cincinnati,  OH  45242.  Refer  to 

job  code:  BDBC. 

Compsoft  Technology  Solutions 
Group,  Inc.  seeks  experienced 
Programmer  Analysts,  DBAs 
and  Software  Engineers  to 
develop  and  design  software 
systems  using  some  of  the 
following:  C,  C++,  VB.  Oracle, 
Developer  2000.  Java.  PUSQL, 
MS  Access,  MS  SQL,  internet/ 
wireless  technologies,  Windows 
/UNIX  admin  for  Data  ware¬ 
housing  etc.  Require  BS/MS  or 
foreign  equiv.  Highly  competitive 
salaries,  some  travel  and  relo¬ 
cation  to  client  sites  involved. 
Send  Resumes  to:  1 1  N  Roselle 
Road,  Schaumburg,  IL  60194 

Applications  Programmer  for  NE 
OH  to  plan,  develop,  test  and 
document  computer  programs 
and  maintain  application-based 
programs  designed  to  automate 
and  streamline  specific  functions 
of  the  Accounts  Receivable 
process  using  Visual  Basic, 
Visual  C++,  MS  Access.  Utilize 
PC-based  technology  to  interact 
with  external  software  applica¬ 
tions.  Must  have  Bachelor's 
Degree  or  equivalent.  Min.  3- 
month  in-job  exp.  Resumes  to: 
DD6-11,  10900  Carnegie  Ave. 
Cleveland,  OH  44195.  No  Calls. 

ARINC,  a  leading  provider 
of  communications,  information 
technology  &  system  engineering, 
has  an  opening  for  a  Systems 
Analyst  at  their  office  in  Marina 
Del  Rey,  CA.  The  individual 
will  assist  a  Senior  Software 
Engineer  in  analyzing  existing 
computer  systems  as  it  relates  to 
the  configuration  management 
tools  and  Problem  Tracking 
System.  Individual  must  have  a 
Bachelor's  degree  in  Computer 
Science,  Management  Information 
Systems  or  closely  related  field. 
For  consideration,  fax  your 
resume  to:  (978)  649-7078.  Attn: 
Dept  IHR-WS.  EOE 

where  the  best  get  better 

1-8G0-762-2977 


Systems  Analyst:  Design,  develop 
&  prog,  software  for  integrated 
banking  systems  inc.  teller  use 
loans,  checking  &  savings  acct., 
tellers  of  credit  invt.  Funds, 
based  on  needs  if  Latin  America 
Banks  &  Financial  Inst.  Works 
w/IBM  platform  w/AS  400  system, 
Devp.  banking  prog,  to  interface 
w/the  int.  40  hrs  per  wk,  9A-5P, 
3  yrs  exp.  in  job  offered.  Fax 
resume  to  (305)  377-3282. 
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it  Careers  in  Health  care 


Large  healthcare 
organizations  are 
growing  information 
technology  organiza¬ 
tions,  larger  than 
many  companies. 

With  IT  employees 
numbering  in  the 
thousands,  the  health¬ 
care  groups  are  turn¬ 
ing  to  IT  professionals 
to  develop  new  tools 
to  assist  physicians 
and  healthcare  professionals,  improve  the 
quality  of  record-keeping  and  availability,  and 
automate  processes  that  reach  millions  of 
healthcare  users  each  day. 

Among  those  leading  the  way  with  IT  profes¬ 
sionals  is  Kaiser  Permanente  IT  Division,  head¬ 
quartered  in  Oakland,  CA.  With  more  than  4,000 
IT  employees,  the  Kaiser  Permanente  IT  Division 
supports  a  nationwide  health  network  and  data 
centers  designed  to  assist  the  healthcare 
organization's  80,000  employees  and  more  than 
8.1  million  members  receiving  health  care. 


Michael  Winkler,  staffing  marketing  manager  for 
KP-IT,  said  the  division  continues  to  implement 
the  Clinical  Information  System,  an  effort  to 
automate  and  make  available  online  the  reams  of 
paper  and  images  used  to  keep  track  of  a  patient's 
health  and  treatment.  "Our  goal  is  to  get  the 
records  of  a  patient  in  the  hands  of  doctors  as 
quickly  as  possible,"  Winkler  explains. The 
applications  system  management  group  is  now 
developing  Radiology  Information  Systems,  a 
similar  initiative  to  deal  with  radiological  data 
and  images. 

KP-IT  also  recently  announced  the  formation  of 
its  Internet  Services  Division. The  organization 
combines  KP  Online,  kp.org  and  eHealthPlan  into 
a  single  unit.  Internet  Services  will  continue  to 
develop  web  applications,  streamline  processes 
for  getting  online  services  to  those  who  use  them 
and  organize  services  according  to  the  way  the 
user  thinks,  not  the  way  KP  is  organized.  A  beta 
launch  for  members  is  planned  for  December  with 
a  full  launch  expected  in  spring  2003. 

Winkler  says  Kaiser  Permanente  hires  IT  profes¬ 
sionals,  ranging  from  project  managers  and  devel¬ 


opers  to  senior  healthcare  IT  experts.  Opportuni¬ 
ties  exist  wherever  KP  operates,  but  IT  operations 
are  largest  in  the  Pasadena  and  Oakland  areas. 
The  healthcare  provider  looks  for  web-based 
development  skills,  database  administration  and 
design,  network  engineers  and  service  and 
development  on  the  backside  of  the  business. 

"Whatever  the  IT  job  is  at  KP,  you'll  continue 
to  grow  in  your  field,"  Winkler  adds.  "We  have 
multiple  projects  in  development,  offering  growth 
and  learning.  You'll  be  able  to  get  your  hands 
on  a  lot  of  different  technologies.  We  aren't  just 
maintaining  systems;  we're  creating  them. 

Our  end  result,  in  IT,  is  revolutionizing  the  way 
health  care  is  delivered,  that  KP-IT  is  part  of 
the  healthcare  team,  delivering  quality  care  to 
Kaiser  Permanente  members." 

^TTYp  RECRUITMENT 
SOLUTIONS 

For  more  job  opportunities  with  healthcare  firms,  turn  to  the  pages  of 
ITcareers. 

•  If  you'd  like  to  take  part  in  an  upcoming  ITcareers  feature,  contact 
Janis  Crowley,  650.312.0607  or  janis_crowley@itcareers.net. 

•  Produced  by  Carole  R.  Hedden 

•  Designed  by  Aldebaron  Graphic  Solutions 
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Advancing  Women  Through  Technology 


Women  In  Technology 
International  (WITI)  is  the 

premier  RESOURCE  FOR  THE  MOST 
qualified  WOMEN  IN 

IT  and  Engineering. 
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SignalTree  Solutions  is 
an  established  interna¬ 
tional  IT  solutions  and 
services  company.  We 
provide  our  employees 
with  a  competitive 
compensation  package 
and  an  excellent  benefits 
package. 

Currently  SignalTree 
Solutions  has  multiple 
openings  at  our  corporate 
office  in  Irvine,  and  project 
sites  throughout  the 
United  States,  for  the  posi¬ 
tions  referenced  below: 

Software  Engineer 
Sr.  Software  Engineer  I 
Sr.  Software  Engineer  II 
Project  Manager 
Project  Leader  I 
Project  Leader  II 
Technical  Architect 

Please  send  a  letter  of 
introduction  (indicating 
position  of  interest) 
along  with  resume, 
salary  history  and 
requirements  to: 

SignalTree  Solutions, 
Attn:  L.  Bardakjian, 
CW730, 

133  Technology  Drive, 
Suite  200, 

Irvine,  CA  92618. 

Fax:  (949)  450-4658. 

Email:  lb.resume@ 
SignaltreeSolutions.com 

“  (5> 
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Call  your 
ITcareers  Sales 
Representative 
or  Janis  Crowley. 

1-800-762-2977 


gPP9S| 


The  FBI  offers  excellent  compensation  and  benefits  packages.  These 
positions  offer  base  salaries  from  $36,615  -  $86,095.  Please  visit  our 
website  at  www.fbij obs.com  for  complete 
qualifications/details  and  to  apply  on-line. 

Reference:  Vacancy  #02-07-325  or  #02-07-326. 

Only  those  candidates  determined  to  be  best  qualified  will  be 
contacted  to  proceed  in  the  selection  process.  All  applicants 
must  be  U.S.  citizens  and  consent  to  a  complete  background 
investigation ,  drug  test,  and  polygraph  as  a  prerequisite  for 
employment  The  FBI  is  an  equal  opportunity  employer. 


Tt\V tgawe  can  change  all  it 
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Data  Warehousing  Manager 

PeaceHealth,  one  of  the  nations 
"100  most  wired"  healthcare 
organizations  with  hospitals  in 
AK,  WA  and  OR,  is  seeking  a 
Data  Warehousing  Manager. 
This  new,  key  position  will  act  in 
a  lead  role  in  furthering  Peace- 
Health's  data  warehousing  efforts 
through  application  of  data  ware¬ 
housing  knowledge  and  experi¬ 
ence.  Will  also  be  responsible  for 
managing  the  day-to-day  activities 
of  a  team  to  include  supervisory 
responsibilities.  This  position  will 
be  located  in  beautiful  Eugene, 
Oregon. 

This  Position  will: 

Lead  efforts  in  the  design  and 
development  of  data  warehouse. 
Ensure  proper  and  adequate 
management  of  information 
infrastructure  including  SQL 
Administration  and  database 
modeling. 

Assist  in  establishing  user 
requirements. 

Lead  data  design,  database 
architecture,  metadata  and 
repository  creation  efforts. 
Prepare  activity  and  progress 
reports  regarding  database 
management. 

Ensure  quality  control  of  the  data 
warehouse  process. 
Responsible  that  the  integrity, 
availability  and  usability  of  the 
data  warehouse. 

Requires: 

Prefer  3  years  supervisory  or 
project  lead  experience. 

Data  warehousing  implementa¬ 
tion  experience  -  full  life  cycle 
Strong  knowledge  of  data  ware¬ 
housing  concepts  and  best  prac¬ 
tices. 

Business  Intelligence  experience 
with  ad  hoc  query,  reporting,  and 
OLAP  tools. 

Demonstrated  experience  in 
database  design  -  relational 
databases  (Oracle,  MS  Access), 
and  SQL. 

Strong  oral  and  written  commu¬ 
nication  skills. 

Bachelor's  degree  in  MIS  or 
Computer  Science  related  field. 
Experience  and/or  certification 
can  be  substituted  for  a  Bache¬ 
lor's  degree. 

PeaceHealth  offers  a  collabora¬ 
tive  working  environment  with 
excellent  benefits/compensation 
package.  Please  visit  our  web 
site  at  www.oeacehealth.oro  to 
learn  more  about  PeaceHealth. 
Send  resume  to: 

PeaceHealth 

E-mail: 

hr-corD@oeacehealth.oro 

Fax:  425-649-3825 


There's  a  Plate  for  You 
at  Today's  FBI. 

Explore  one  of  the  most  important  and  rewarding  careers  anywhere. 
When  you  join  the  FBI,  you  join  the  organization  that  plays  a  central 
role  in  ensuring  the  safety  of  our  country  and  every  U.S.  citizen.  We 
invite  you  to  consider  a  career  with  us  at  our  Quantico,  Virginia  location. 


Electronics  Engineers 


As  an  Electronics  Engineer,  you  may  serve  as  project  manager; 
develop  studies  in  the  field  of  advanced  telephony,  encryption, 
intercept  capabilities  and  wireline  digital  voice/data  communications; 
and/or  perform  research,  test  and  evaluation  in  such  areas  as 
Audio/Video  and  Image  processing  and  Signal  Analysis,  Signal 
Intelligence,  Covert  Mobile  and  Physical  Surveillance,  or  Information 
Systems  Networks/Platforms.  Travel  may  be  required. 
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subscription  go  to 

www.nwwsubscribe.com/pa 
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Week  after  week  NW  gives 
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Web  services  at  work 


Eastman  Chemical  is  using  Web  services  to  give  distributors  access  to  more  specific 
and  up-to-date  product  catalog  information  than  was  possible  previously. 


Distributor’s  intranet 


Distributor 


Firewall 


Web  server 


s_L 

WebMethods 


Grand  Central 
network 


i  A  distributor  requests  2  The  distributor’s  intranet 


information  about  a 
chemical  listed  in  an 
Eastman  Chemical 
product  catalog. 


server,  which  runs  code 
supplied  by  Eastman,  sends 
the  request  as  a  SOAP 
message  over  HTTP  to 
service  provider  Grand 
Central’s  network. 


3  Grand  Central 
authenticates  the 
end  user,  makes 
the  connection 
to  Eastman’s 
WebMethods 
server  and  audits 
the  connection. 


4  Eastman’s  Web  service  for 
catalog  access  runs  on  the 
WebMethods  server.  The  server 
accepts  the  SOAP  message, 
which  activates  a  C0M+ 
interface  that  in  turn  requests 
the  chemical  information  from 
the  catalog  database. 


Product 

catalog 
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5  The  requested 
information  is 
delivered  to  the 
end  user. 


Web  services 

continued  from  page  1 

rather  have  a  service  that  says  you 
give  me  a  word  and  I’ll  send  you 
back  the  definition?” 

Currently;  distributors  get  cata¬ 
log  information  from  Eastman  in 
many  ways.such  as  by  visiting  the 
company’s  Web  site  and  copying 
data,  by  “screen  scraping”  the  Web 
site  or  by  having 
Eastman  e-mail 
them  files.  How¬ 
ever,  because 
the  catalog  is  up¬ 
dated  regularly 
but  never  on  a  scheduled  basis, 
distributors  often  are  left  with 
dated  information. 

Using  Web  services,  Eastman 
has  created  a  way  for  distributors 
to  access  its  product  catalog  and 
for  them  to  push  that  access  to 
their  customers  so  everyone  sees 
the  same  catalog  in  real  time. 
Without  Web  services,  every  part¬ 
ner  in  the  chain  would  have 
needed  an  identical  application- 
integration  server  to  gain  such  ac¬ 
cess,  and  Pleasant  says  that 
wouldn’t  have  been  practical. 

“It  doesn’t  take  much  technol¬ 
ogy  just  to  consume  our  Web  ser¬ 
vice,"  he  says. 

Eastman’s  partners  are  supplied 
with  lightweight  code  that  sits  on 
their  intranet  servers  and  lets 


Baan 

continued  from  page  16 


them  send  catalog  requests  via 
messages  based  on  Simple  Ob¬ 
ject  Access  Protocol  (SOAP),  an 
XML  protocol.  SOAP  creates  a 
standard  interface  to  activate  the 
Microsoft  Component  Object  Mo¬ 
del  Plus  (COM+)  interfaces  used 
in  Eastman’s  catalog  application, 
called  Saqqara.  The  COM+  inter¬ 
faces  remain  on  the  Saqqara  ap¬ 
plication  server  but  are  accessed 
through  SOAP  in¬ 
terfaces  running 
on  Eastman’s  Web¬ 
Methods  server, 
which  provides  a 
link  to  the  Inter¬ 
net.  The  WebMethods  server  cre¬ 
ates  the  SOAP  interfaces  and  gen¬ 
erates  the  Web  Service  De¬ 
scription  Language  files,  which 
describe  the  capabilities  of  the 
Web  service.  It  all  runs  on 
Windows  2000  using  a  variety  of 
dual  and  quad  servers  from  Dell. 

The  catalog  Web  service  in¬ 
cludes  four  functions;  It  can 
return  a  list  of  products  by  family 
code  or  by  category  code,  and 
return  a  technical  data  sheet  for  a 
specific  product.The  fourth  func¬ 
tion  is  the  creation  of  an 
Extensible  Stylesheet  Language 
stylesheet  for  data  presentation 
on  the  end  user’s  side. 

“We  had  these  COM+  interfaces 
that  you  could  call  from  inside  the 
firewall  using  standard  COM+ 


technology”  Pleasant  says.  “But 
to  open  it  up  to  our  customers 
we  had  to  be  able  to  move  out¬ 
side  of  our  firewall. And  that  is 
where  Web  services  makes  a  big 
change.” 

Also  key  is  that  all  those  Web  ser¬ 
vices  components  can  be  reused 
in  other  applications,  something 
not  possible  with  COM+,  he  says. 

Programming  flexibility  also 
was  a  plus  because  Eastman  has 
committed  to  Java  for  its  Web- 
based  environment  but  often 
uses  Microsoft  tools  for  internal 
application  development.  Pleas¬ 
ant  used  WebMethods  Java  tool 
kit  to  create  the  Web  services 
that  call  for  the  COM+  objects 
Eastman  built  using  Microsoft’s 
Visual  Studio  development  tools. 

While  Pleasant  is  impressed  by 
the  potential  of  Web  services, 
he’s  starting  slowly  because  of 
the  technology’s  limitations  re¬ 
garding  security,  transactional 
integrity  and  nonrepudiation. 

So  while  Eastman  will  develop 
and  run  its  own  Web  services,  it  is 
using  a  hosted  middleware  ser¬ 
vice  from  Grand  Central  Com¬ 
munications,  which  validates 
Web  services  users  and  logs  their 
transactions.  (Grand  Central’s 
service  starts  at  $150,000  per 
year,  though  the  company  has 
not  yet  determined  the  number 
of  Web  services  or  connections 
Eastman  will  use.) 

Pleasant  prefers  for  someone 
else  to  be  responsible  for  au¬ 
thentication  services  because  it 
is  not  an  Eastman  forte  and  it 
insulates  the  chemical  com¬ 
pany  from  the  evolution  of  secu¬ 
rity  standards  and  identity-man¬ 
agement  systems  such  as  Micro¬ 


soft’s  Passport  and  the  Liberty 
Alliance  Project  started  by  Sun. 
Grand  Central  also  provides  au¬ 
thorization  services  that  feature 
a  Web-based  application  that 
Eastman  uses  to  manage  who 
has  access  to  what  and  when  on 
its  network. 

“We  want  Grand  Central  to 
take  care  of  the  volatility  we  ex¬ 
pect  to  see  around  security” 
Pleasant  says. 

“We  want  them  to  worry  about 
the  maturation  of  the  standards,” 
he  adds. 

And  there  are  other  services 
that  Pleasant  needs. 

“As  you  do  more  complex 
transactions,  especially  multi¬ 
party  transactions,  this  business 
of  keeping  track  of  whose  system 
said  what  and  when  is  pretty  im- 
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portant.  Grand  Central  has  those 
kinds  of  nonrepudiation  ser¬ 
vices.  When  a  transaction  does 
break  and  you  need  to  do  a  post¬ 
mortem,  having  an  independent 
third  party  to  do  that  is  really, 
really  important,”  he  says. 

While  it’s  easy  to  get  carried 
away  with  the  potential  of  Web 
services,  Pleasant  says  Eastman  is 
right  about  where  he’d  like  to  see 
it  in  terms  of  adoption. 

“One  of  the  things  that  I  keep 
telling  people  is  we  are  not  late  to 
this  partyf  he  says.  “We  are  fash¬ 
ionably  early 
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Baan’s  emphasis  on  developing  e-business  software  for  manufactur¬ 
ers  just  might  save  the  company,  experts  say.  Baan  continues  to  grow 
and  retain  a  loyal  customer  base  that  craves  its  expertise  in  discrete 
manufacturing,  says  Katherine  Jones,  managing  director  at  Aberdeen 
Group. “They  do  that  probably  better  than  anybody 

Also  enabling  a  comeback  is  that  Laurens  van  der  Tang,  Baan’s  presi¬ 
dent  since  August  2000,  kept  his  development  group  intact  throughout 
Baan’s  corporate  turmoil,  Jones  says.  The  group  stayed  together  and 
continued  to  advance  Baan’s  products.  “They  weren’t  asleep  at  the 
wheel,  they  were  really  just  low  profile,”  Jones  says. 

In  time  for  the  inForum  conference,  this  development  team  pulled 
together  two  new  product  suites  as  well  as  hooks  to  third-party  soft¬ 
ware  suites.The  new  iBaan  for  PLM  is  entirely  Web-based, and  iBaan  for 
SCM  is  a  hybrid  of  client/server  and  Web-based  modules. 

Moving  its  applications  to  an  Internet-based  infrastructure  is  key  to 
the  company’s  strategy,  but  Baan  lags  behind  its  ERP  competition  in 
this  area.  SAP  BeopleSoft  and  Oracle  already  have  shifted  their  appli¬ 
cations  from  the  client/server  to  the  Web-based  world.“!f  Baan  is  going 
to  be  aTier-1  competitor.it  needs  to  keep  pace  with  what  Tier-1  vendors 
are  doing," says  Kelly  Spang, senior  analyst  at  Current  Analysis. 

Leading  up  to  the  show, Baan  delivered  its  new  customer  relationship 
management  suite,  iBaan  for  CRM.  Early  on,  Baan  was  among  the  first 
ERP  vendors  to  try  to  expand  into  CRM,  buying  CRM  company  Aurum 
in  1997.  It  was  a  visionary  move,  but  Baan  never  did  much  with  Aurum 
and  fell  behind  other  ERP  vendors  in  its  CRM  execution,  Spang  says. 
“Organizational  confusion  cost  Baan  about  a  year  in  its  CRM  strategy 
she  says. 

W  ith  iBaan  for  CRM,  which  was  announced  in  January,  Baan  is  trying 
to  invigorate  its  CRM  business.  So  far,  Baan  has  the  pieces  but  lacks  the 
breadth  of  functions  top-tier  CRM  vendors  such  as  Siebel  Systems  and 
Dh  .leSoft  have  across  sales,  marketing  and  service,  Spang  says.  ■ 
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Attacks 

continued  from  page  1 

a  known  attack,” says  Oliver  Fried¬ 
richs,  director  of  engineering  at 
consultancy  SecurityFocus. 

“It  does  make  it  harder  for  IDS,” 
says  Stuart  Staniford,  president 
and  founder  of  Silicon  Defense, 
which  this  week  announced 
Sentarus,  a  management  console 
product  line  for  sensors  based  on 
IDS  freeware  Snort. 

Once  a  new  attack  is  known,  it 
usually  takes  the  IDS  vendors  a 
number  of  hours  or  days  to  devel¬ 
op  a  signature.  But  in  the  case  of 
ADMutate,  it  has  taken  months  for 
signature-based  IDS  vendors  to 


■  BY  JOHN  COX 

MILPITAS, CALIF— Work  is  now 
officially  under  way  by  the  World 
Wide  Web  Consortium  to  ham¬ 
mer  out  a  formal  framework  for 
Web  services. 

In  its  first  face-to-face  meeting 
last  week,  the  recently  formed 
W3C  Web  Services  Architecture 
Working  Group  began  crafting  a 
paper  that,  among  other  things, 
will  describe  what  Web  services 
are,  the  technologies  needed  for 
them,  how  they’ll  interact  with 
each  other,  and  how  to  address 
privacy  and  security.  The  paper  is 
due  out  by  year-end. 

Eventually,  when  approved  by 
the  W3C,  the  specified  architec¬ 
ture  could  be  adopted  by  ven¬ 
dors  of  development  tools,  appli¬ 
cation  servers,  databases  and 
packaged  applications.  For  enter¬ 
prise  network  shops,  this  should 
translate  into  Web  services  that 
are  easier  to  create  and  that  can 
easily  work  together. 

Last  week,  some  60  representa¬ 
tives  from  more  than  40  vendors 
and  corporations  met  in  person 
after  about  two  months  of  tele¬ 
phone  conferences,  which  were 
designed  to  give  the  assembled 
working  group  a  starting  point  for 
discussion. 

Corporate  members  include 
Boeing,  ChevronTexaco,  Daimler- 
Chrysler  Research  and  Tech¬ 
nology, and  WAV  Grainger. Vendors 
include  BEA  Systems,  Compaq, 
Contivo.  IBM,  Intel,  Microsoft,  SAP 
and  Sun. 

Initially,  the  group  is  defining  a 
Web  service  as  an  application 
identified  by  a  URL  that  has  an 
interface  that  can  be  defined, 
found  and  used  by  XML-based 
objects,  and  that  works  directly 
with  other  similar  applications 


add  a  way  to  detect  a  polymor¬ 
phic  buffer  overflow  generated 
by  it. 

“It’s  a  hard  problem,”  says  Marty 
Roesch,  president  of  Sourcefire,  a 
company  he  founded  to  commer¬ 
cialize  Snort,  which  he  invented. 
“The  idea  is  that  signature-based 
IDSes  like  Snort  look  for  traffic  in 
a  payload  called  Shell  Code,  but 
you  can  evade  this  with  polymor¬ 
phic  shell-code  generation.” 

Sourcefire,  Internet  Security 
Systems  (1SS)  and  NFR  Security 
are  among  the  vendors  that  claim 
to  have  developed  a  defense  for 
the  ADMutate  code-mutation 
exploit  in  their  IDS  products.“We 
were  working  on  that  one  for 


using  XML-based  messages  over 
Internet  protocols. 

An  array  of  W3C  groups  are  ad¬ 
dressing  various  Web  services 
technologies,  such  as  XML,  the 
Web  Services  Definition  Lan¬ 
guage  and  Simple  Object  Access 
Protocol,  says  Dave  Hollander, 
CTO  of  data  integration  software 
maker  Contivo  and  a  member  of 
the  architecture  group. 

“This  new  group  will  let  us 
define  the  architecture  require¬ 
ments  for  Web  services  so  these 
other  projects  won’t  go  out  and 
create  incompatible  results,”  he 
says.  “What’s  been  happening 
until  now  is  that  we’ve  been  get- 


some  time,”  says  Chris  Rouland, 
director  of  the  X-Force  at  ISS. 

Even  if  the  vendors  have  found 
a  way  to  counter  ADMutate, 
which  is  not  clear,  Skoudis  says, 
“There  are  so  many  ways  to  do 
the  same  thing  as  ADMutate.  It 
shows  the  underlying  flaws.  We 
will  see  a  proliferation  of  poly¬ 
morphic  techniques.” 

A  British  firm,  NSS  Group,  in  the 
next  few  months  will  evaluate 
more  than  a  dozen  of  the  latest 
IDS  products  to  see  if  they  can 
detect  ADMutate-generated  code, 
among  other  evasion  techniques, 
such  as  Fragrouter  and  Whisker. 
Results  should  be  released  in 
June,  says  Bob  Walder,  director  of 


ting  the  [Web  services]  transport 
layer  stuff  to  the  point  where  it’s 
‘good  enough.’” 

Now  attention  can  be  focused 
on  what’s  needed  so  that  Web  ser¬ 
vices  don’t  simply  connect  to 
each  other,  but  understand  each 
other  and  work  together  in  elabo¬ 
rate  ways. 

As  the  architecture  draft  is  cre¬ 
ated,  drawing  heavily  from  work 
by  other  W3C  groups,  it  will  be  fed 
back  into  these  groups  for  review 
and  comment. 

That  coordination,  and  the  ac¬ 
tive  participation  of  key  vendors, 
could  lead  to  product  imple¬ 
mentations  by  early  2003.  ■ 


the  NSS  Group. 

In  December,  NSS  Group  pub¬ 
lished  more  than  200  pages  of 
lab  tests  it  did  on  16  IDS  prod¬ 
ucts.  While  the  polymorphic 
buffer  overflow  might  be  the 
most  dramatic  way  to  sneak  by 
an  IDS,  there  are  many  other 
ways  that  involve  hiding  attack 
code  inside  large  data  flows 
directed  at  a  target.  Some  IDSes, 
which  depend  on  mirroring  traf¬ 
fic,  drop  packets  when  traffic 
flows  increase. 

The  ISS  RealSecure  product, 
Snort  and  Enterasys’  Dragon 
product  “all  demonstrated  some 
problems  with  handling  detec¬ 
tion  on  a  network  saturated  with 


What’s  stopping 
you? 

Limitations  of 
current  technology 
and  standards  were 
cited  as  the  top 
technology-related 
obstacle  to  deploying 
Web  services  by 

27% 

of  116  attendees 
surveyed  at  a  Giga 
Information  Group 
conference  in  December. 


64-byte  packets,  causing  them  to 
miss  attacks  under  load,”  wrote 
NSS  Group  in  its  December 
report. 

Cisco’s  Secure  IDS  Model  4320, 
NFR’s  NID  200  and  BlackICE 
Sentry  software  (formerly  sold 
by  Network  Ice,  purchased  by  ISS 
last  year)  performed  the  best  in 
detection,  according  to  the  NSS 
Group  report.  “Unfortunately,  al¬ 
though  it  performed  well  under 
load,  Symantec’s  NetProwler 
tended  to  misrepresent  many  of 
the  attacks  detected  and  was  the 
only  one  of  that  group  that  was 
outwitted  by  our  IDS  evasion 
techniques,”  the  report  said. 
“Chargen  attacks  were  reported 
as  Stacheldraht,SYN  floods  were 
reported  as  ICMP  Redirect,  and 
SYNDrop  was  reported  as  the 
Tribal  Flood  Network  2K,  among 
others.” 

And,  according  to  NSS  Group, 
another  IDS, Intrusion’s  SecureNet 
Pro’s  sensor  and  console,  were 
overwhelmed  by  an  attack  called 
Snot  in  which  “genuine”  attacks 
are  inserted  into  a  deliberate 
flood  of  data  traffic. 

RealSecure’s  detection  capabili¬ 
ties  fall  off  dramatically  at  50%  of 
network  load,  according  to  NSS 
Group.  But  ISS  is  redesigning  its 
IDS  to  be  based  on  BlackICE, 
which  makes  use  of  anomaly  de¬ 
tection  and  can  detect  ADMutate 
based  attacks.  RealSecure  7.0,  ex¬ 
pected  to  ship  by  June, should  re 
fleet  such  improvements. 

ISS  customers  seem  patient. 

“There’s  nothing  that  is  really 
perfect,”  says1  Andrew  Bagrin,  di¬ 
rector  of  business  technology  at 
Regal  Cinemas,  which  uses  Real- 
Secure  to  detect  attacks  against 
its  Web  site  and  internal  network. 
“The  RealSecure  IDS  does  a 
good  job  for  most  attacks,  and 
when  it  senses  one,  it  sends  a 
message  to  our  Check  Point  fire¬ 
wall  to  block  that  attack  traffic 
for  50  minutes.” 

Regal  is  merging  with  United 
Artist  and  Edward  Theatres  to 
form  the  Regal  Entertainment 
Group,  totaling  560  locations.  At 
that  point,  Regal  will  deploy  an 
appliance  from  Crossbeam  Sys¬ 
tems  called  the  Crossbeam  X403 
to  run  the  firewall  and  IDS  on  the 
same  hardware. 

NSS  Group  director  Walder 
says  the  IDS  industry  is  under¬ 
going  such  rapid  change  that 
NSS  Group  will  have  to  do  tests 
at  least  two  or  three  times  per 
year  to  keep  up  with  what  ven¬ 
dors  are  doing  to  improve  their 
products.  ■ 
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AT&T 
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services.  Aibinder  declined  to  reveal  which  vendor’s 
gear  AT&T  has  deployed,  citing  security  concerns. 

One  industry  expert  sees  the  moves  as  positive. 

“It’s  a  practical,  important  enhancement  that  al¬ 
lows  more  conservative  users  to  keep  their  existing 
network  environment  while  adding  voice  support,” 
says  Tom  Jenkins,  a  vice  president  at  consulting  firm 
TeleChoice.  “The  ability  to  support  any-to-any  con¬ 
nectivity  for  voice  and  data  allows  users  to  evaluate 
the  technology  without  migrating  locations  to  an  all¬ 
frame  relay  or  all-IP  environment.” 

But  to  support  any-to-any  voice  traffic,  compa¬ 
nies  need  to  order  an  additional  permanent  vir¬ 
tual  circuit  to  AT&T’s  network  hub,  where  its  fire¬ 
walls  are  deployed. This  is  an  additional  expense 
that  companies  would  have  to  evaluate  before 
making  the  switch,  Jenkins  says.  A  customer  with 
an  all-frame  relay  or  all-ATM  network  would  not 
need  an  additional  permanent  virtual  circuit 
back  to  AT&T. 

AT&T  announced  the  offerings  at  the  Spring  2002 
Vbice  on  the  Net  conference. 

AT&T  offers  converged  voice  and  data  with  its 
Managed  Internet  Service  (MIS),  Managed  Data 
Network  Services  and  Managed  Router  Service. 
The  latter  two  offerings  are  for  either  ATM  or 
frame  relay  networks.  The  carrier  introduced  its 


fully  managed  combined  voice  and  data  features 
in  January  2001  (see  www.nwfusion.com,  Doc- 
Finder:  8947). 

Serv-A-Lite  has  used  the  AT&T  MIS  service  to  sup¬ 
port  its  outbound  calls  since  December. The  whole 
sale  hardware  distributor  is  using  four  channels 
from  its  dedicated  T-l  line  to  support  the  company’s 
voice  traffic. 

“We  saved  $3,000  the  first  month  we  deployed  the 
service,” says  Bill  Hintz.1T  director  at  the  East  Moline, 
Ill.,  company.  Hintz  also  points  out  that  the  service 
offers  redundancy  that  the  company  didn’t  have 
before.“If  my  local  carrier  lops  a  line,  we’ll  still  have 
voice  service,”  he  says. 

AT&T  also  has  expanded  its  in-country  off-net 
voice  support.  AT&T  plans  to  have  “dozens"  of  gate¬ 
ways  deployed  at  the  edge  of  its  data  networks  and 
the  public  switched  telephone  network  (PSTN) 
overseas  by  year-end.  These  gateways  will  allow 
faster  call  termination  on  the  PSTN  within  countries 
where  the  calls  are  destined.  Aibinder  says  these 
calls  were  sometimes  back-hauled  to  the  U.S.,  termi¬ 
nated  on  the  domestic  PSTN  and  sent  overseas  over 
AT&T’s  circuit  switched  network. 

AT&T  says  it  can  support  more  in-country  call  ter¬ 
mination  because  it  is  in  the  process  of  taking  back 
some  of  its  network  assets  that  were  part  of  the  failed 
Concert  deal.  Concert  was  a  joint  venture  between 
AT&T  and  British  Telecom. 

AT&T:  www.att.com 
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Perfection  by 

“If  there’s  so  much 
labor-saving  machinery, 
why  don’t  I  have  more 
free  time?” 

—  Anon. 


Imagine  a  world  that  is  connected  by  orders  of 
magnitude  more  than  at  present.  A  world  with 
perfect  gardens  where  there  are  no  slugs, 
snails,  whitefly  or  weeds.  Where  no  one  owns  a 
lawn  mower.  A  world  without  vacuum  cleaners.  A 
world  where  network  cabling  is  pulled  and  main¬ 
tained  automatically. 

This  is  a  world  where  useful  robots  really  exist. 
Robots  that  are,  for  all  intents  and  purposes,  smart. 
And  it’s  just  around  the  corner. The  dream  of  hav¬ 
ing  an  army  of  capable,  practical  robots  to  do  our 
bidding  appears  to  be  getting  closer  to  reality  far 
faster  than  I  expected. 

What  has  me  on  this  topic  is  the  recent 
announcement  by  the  Sony  Digital  Creatures 
Laboratory  of  the  “SDR-4X”  humanoid  robot  (see 
www.nwfusion.com,  DocFinder:  8948). This  thing  is 
amazing.  Walking  on  two  legs.it  is  20  inches  tall, 
weighs  in  at  14.3  pounds  and  its  body  has  38 
points  of  articulation,  making  it  capable  of  com¬ 
plex  physical  movements.  Those  movements  are 


bots 


controlled  by  a  sophisticated  real-time  adaptive 
motion-control  system. 

The  SDR-4X  also  has  a  pair  of  digital  cameras 
for  stereoscopic  vision  so  it  can  negotiate  around 
objects.  It  can  remember  the  faces  of  10  people, 
recognize  emotions  from  facial  features,  and 
understand  continuous  speech.  Wow. 

When  it  comes  on  the  market  sometime  this  year, 
the  SDR-4X  will  cost  about  the  same  as  a  small  car. 
But  like  the  Sony  robot  dog.Aibo  (www.us.aibo 
.com),  the  price  of  the  SDR-4X  will  plummet  with 
increasing  sales. 

And  then  there’s  the  new  500-pound  watchdog 
robot  from  Sanyo  (see  DocFinder:  8949)  and  the 
Slugbot  from  the  Intelligent  Autonomous  Systems 
Laboratory  of  the  University  of  the  West  of  England 
(see  DocFinder:  8950)  —  the  commercial  pressure 
to  build  useful  bots  is  mounting. 

So  what  will  these  devices  be  capable  of  doing? 
Labor.  Silent,  round-the-clock,  good  old-fashioned 
tireless  labor.  Armed  with  something  like  scissors,  a 
small  robot  the  size  of  Sony’s  SDR4X  could  preci¬ 
sion-cut  your  lawn.  Just  think, you  will  never  see 
weeds  again.  And  for  that  matter, you’ll  never  see 
dead  flowers  because  the  bot  will  remove  the 
flowers  when  they  pass  their  peak. 

And  as  the  bot  goes  about  its  work  it  will  kill 
any  whitefly  it  finds,  destroy  slugs  and  apply  fer¬ 


tilizer.  And  that’s  just  the  garden!  You’ll  never  hear 
a  vacuum  cleaner  again  because  the  house  bots 
will  silently  sweep  and  polish  all  night  long. 

We’re  going  to  have  these  robots  everywhere  — 
municipal  bots  sweeping  streets  and  digging  ditch¬ 
es  silently. There’ll  be  scores  of  housebots  and 
officebots  cleaning,  sweeping,  repairing  and  guard¬ 
ing.  And  all  of  these  bots  will  communicate  with 
each  other. 

Your  bots  will  know  all  about  you.  And  your 
neighbor’s  bots  will  know  about  your  neighbors. 
And  you'll  want  your  bots  to  coordinate  with  your 
neighbors’  and  the  municipal  bots  to  keep  all  of 
the  perfect  yards  perfect.  We’ll  want  to  know  that  if 
there’s  an  emergency  our  bots  can  get  the  message 
out  via  other  bots.  All  of  this  means  that  the  bots 
can  and  will  “gossip.” 

The  potential  for  surveillance  will  be  vastly  in¬ 
creased  with  so  many  smart  devices  running  (liter¬ 
ally)  around. 

I  could  fill  several  columns  extrapolating  the 
impact  that  robots  could  have  on  our  culture  and 
economy 

But  there’s  one  thing  I  still  haven’t  figured  out: 

Will  1  have  more  free  time? 

What  do  you  want  a  bot  for ?  Task  lists  to  nwcol- 
umn@gibbs.com. 
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A  different  type  of  buddy  list 

Whoever  said  you  can't  fight  City  Hall  apparently 
never  built  a  Web  site. 

However,  he  might  have  predicted  at  least  some  of 
what  has  gone  down  in  Providence,  R.I.,  after  a  band 
of  fed-up  citizens  launched  www.buddycianci.com,  a 
site  dedicated  to  bringing  about  the  resignation  of 
roguish  Mayor  Vincent  A.  (Buddy)  Cianci  Jr. 

Among  the  skirmishes  since  the  site  was  launched: 

•  Cianci  has  threatened  legal  action  against  the  site  operators  for  allegedly  mis¬ 
appropriating  his  name  and  likeness. 

•  The  mayor,  who  goes  on  trial  this  week  to  answer  a  30-count  racketeering 
indictment,  has  attempted  to  call  attention  to  the  purported  unfairness  of  the  site 
by  registering  domain  names  that  match  the  first  and  last  names  of  Providence 
journalists.  Turnabout  is  fair  play,  or  so  says  the  mayor. 

•  And  here's  my  favorite  part:  The  site  operators  have  made  noise  about  a 
“mysterious"  three-day  blockage  of  traffic  to  www.buddycianci.com  —  only 
traffic  from  the  Providence  area  —  that  they  suggest  might  have  been  the 
handiwork  of  a  Cianci  sympathizer  with  access  to  a  Verizon  router.  (Cianci 
insists  he  can't  even  turn  on  a  computer,  and  Verizon  says  the  charge  is 
nonsense.) 

Those  of  you  who  live  in  the  Northeast  are  probably  shaking  yours  heads  and 
muttering,  "Ah,  Providence." 

But  the  story  is  great  theater,  so  here's  how  Buzz  reviews  these  three  acts: 

•  Cianci  had  better  hope  his  criminal  defense  holds  more  water  than  the  legal 
bluster  his  lawyer  tossed  at  the  Webmaster  of  www.buddycianci.com,  The  mayor 
nas  a  better  chance  of  being  elected  cellblock  president  than  getting  any  honest 
judge  to  pull  the  plug  on  his  tormenters.  The  First  Amendment  protects  nothing  if 
not  political  speech  of  this  nature,  and  it's  awfully  hard  to  call  the  mayor  a  men¬ 


ace  without  using  his  name  and  likeness.  < 

•  Nor  does  his  honor  appear  to  know  much  about  journalists.  Those  members 
of  the  press  whose  personal  domain  names  have  been  snapped  up  by  the 
mayor  are  undoubtedly  wearing  their  notoriety  as  a  merit  badge.  Those  who 
Cianci  didn't  see  fit  to  target  are  just  as  certainly  paying  a  price  in  lunchroom 
abuse. 

•  As  for  the  routing  intrigue,  it's  difficult  for  me  to  imagine  that  anyone  at 
Verizon  would  put  their  job  on  the  line  to  pull  such  a  prank,  even  at  the  behest  of 
a  Napoleonic  mayor  who  for  decades  has  held  sway  over  the  biggest  city  in  the 
smallest  state.  I  just  can’t  believe  this  was  intentional. ...  Of  course,  it's  worth 
noting  that  the  Web  site  operators  insist  their  access  problem  disappeared  soon 
after  they  complained  to  Verizon. 

Stranger  things  have  happened  . . .  especially  in  Providence. 

Roll-yourown  DSL  causes  quite  a  stir 

Last  week’s  item  about  the  Colorado  neighborhood  that  gave  up  on  Qwest 
Communications  and  decided  to  become  a  self-service  DSL  provider  sparked  an 
outpouring  of  interest  after  the  column  was  flagged  on  www.slashdot.com.  (You 
can  read  the  Slashdot  give-and-take  at  www.nwfusion.com,  DocFinder:  8943.) 

So  many  people  were  interested  in  learning  more  about  the  efforts  of  the  Ruby 
Ranch  Internet  Cooperative  Association  that  the  organization’s  Web  site  — 
www.rric.net  —  was  brought  to  its  knees  for  a  time. 

Moreover,  our  own  Network  World  Fusion  site  —  www.nwfusion.com  —  experi¬ 
enced  and  withstood  a  record  one-day  traffic  surge  that  our  Web  guys  attributed 
in  part  to  conspicuous  interest  in  that  roll-your-own-DSL  coverage. 

Note  to  entrepreneurs  and  venture  capitalists:  Seems  there  might  be  a  business 
opportunity  in  helping  the  DSL-deprived  take  matters  into  their  own  hands. 

Have  something  to  say  about  this  column?  You  could  register  www.paulmcna 
mara.  com  as  a  gesture  of  protest ,  but  it  would  be  much  easier  and  cheaper  to  direct 
your  e-mail  to  buzz@nww.com. 
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CODERNAUTS  DISCOVER  WEBSPHERE.  THE  WORLD’S  MOST  POPULAR  INTEGRATION  SOFTWARE . 

WEBSPHERE  for  INFRASTRUCTURE 

j  CONNECTS  MORE  APPLICATIONS,  DEVICES,  PROCESSES  AND  PEOPLE  THAN  ANY  OTHER  SOFTWARE  f 
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IT’S  A  DIFFERENT  KIND  of  WORLD. 

YOU  NEED  A  DIFFERENT  KIND  OF  SOFTWARE. 


THEY’D  HEARD  THIS  WORLD  WAS  OPEN. ..BUT  THIS  OPEN? 

DB2  FOR  LI  N  UX 
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